DKIM FAIL with domain null in GMail
Solution 1
Check the DKIM signature in the header. The diagnostic messages seem to indicate that the domain field (d=) is empty or missing. Ensure you are supplying your domain when you sign the emails. The DKIM header should look something like the following:
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=example.com; s=201602; h=Content-Transfer-Encoding:Content-Type: MIME-Version:Date:Message-ID:Subject:From:To; bh=GUIz2zzhMS1zh+o3BSEHOEq5KPzYRRlG+wqnc7+1vNM=; b=Q0LXbOPly2f1Ns6kpuS5e6dykT mefOZ8WX5tzNR0jD4Mqttg9IDutAE25M3FR+1UXcnakHCIsj+ELuoqafHvu/1av6vvAhZXMudoo/V wz3FDWwUnOroIaDPLvSR9RgBA/SHpPL9REEpCtN5WDnWDQK4P69CygrX+zbyh60aZVhE=;
Solution 2
Try removing quotation marks from the TXT, if you have them.
That is: replace "v=DKIM1; ..."
with v=DKIM1; ...
in your TXT DNS entry.
For me, this solved the topic's error message. I used Cloudflare as DNS.
I got hang of it with https://mxtoolbox.com (dkim:example.org:mail
).
With quotation marks, the tool didn't recognize the DKIM1 "TagValue" and showed "Unknown" in the "Name" column.
But, without quotation marks, that column turned into "Version" and "Description" into "The DKIM record version."
And Gmail Show original turned into "PASS with domain example.org".
Related videos on Youtube
jarvis
Updated on September 18, 2022Comments
-
jarvis over 1 year
I'm getting a
DKIM: FAIL with domain null
error in GMail. When I go to See Original in GMail, I getdkim=fail [email protected];
.In my DNS I have the following TXT Records:
DMARC TXT Entry: _dmarc
v=DMARC1;p=reject;sp=reject;rf=afrf;pct=100;ruf=mailto:[email protected];rua=mailto:[email protected];ri=86400
SPF TXT Entry: example.com
v=spf1 +a +mx +ip4:70.xxx.xxx.xxx +ip4:71.xxx.xxx.xxx +ip4:72.xxx.xxx.xxx ~all
DKIM TXT Entry: _default._domainkey
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/HYr74H9Ty6HjTpjawYIfiDa7kOPx+0GJiw4rw7IYkfvrfrLojmGLuS4lg3NbIqYmLg9Ziz77q9vVT15ftrFB1+lTz6+Ei19b6AM8FGCJoDWRHRwB+YN0InJaFs/kPfy1SktqQI8TntPNfH2+tTOUrIT1gi8fjwSnfSkUsbNuSpIp3XrAU6pYzEjXF2h1A3UMFV+7+jLRzEvunj2YCsJ3vaifTihat+Nsw7eP5L2iAzW8b0joP3z6k/UkhUa7/35oNC4Xn1dY532irsBunMJz9QsBxIaNpepiZZkTxfglsq2RP4FWGZbiVFRDDcvsnpi4kFx3eAQtAoo+szLA70FQIDAQAB
I tested my records via https://www.mail-tester.com/spf-dkim-check and http://dkimcore.org/tools/keycheck.html and it all checks out. Public Key is 2048-bit. I read the GMail was failing DKIM with smaller keys.
I also tested it with http://unlocktheinbox.com and at the DKIM Validation Check it says:
Signature Found: Yes SmarterMail DKIM Test: Failed - Bad Signature MailBee.NET DKIM Test: Failed - SignatureInvalid
GMail doesn't seem to have any issues with my SPF and DMARC. Here's the authentication-results for those:
spf=pass (google.com: domain of [email protected] designates 70.xxx.xxx.xxx as permitted sender) [email protected]; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=example.com
My emails are hosted/sent from http://inmotionhosting.com. My DNS is at CloudFlare.
What am I doing wrong or missing here?
Thanks!
-
SYN almost 7 yearsHaving a similar issue, gmail complains about DKIM failing with null domain, while my message headers show that
d=
is properly set:DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=maildomain.example.com; s=default; t=1495658386; bh=...
. -
SYN almost 7 yearsAnswering to myself: the actual problem (raising a 'DKIM failing with null domain' with gmail), is that I had a masquerade map defined, rewriting FROM fields, ... I fixed by commenting it out.