DKIM FAIL with domain null in GMail

domain-name-system email gmail dkim

14,642

Solution 1

Check the DKIM signature in the header. The diagnostic messages seem to indicate that the domain field (d=) is empty or missing. Ensure you are supplying your domain when you sign the emails. The DKIM header should look something like the following:

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
    d=example.com; s=201602; h=Content-Transfer-Encoding:Content-Type:
    MIME-Version:Date:Message-ID:Subject:From:To;
    bh=GUIz2zzhMS1zh+o3BSEHOEq5KPzYRRlG+wqnc7+1vNM=; b=Q0LXbOPly2f1Ns6kpuS5e6dykT
    mefOZ8WX5tzNR0jD4Mqttg9IDutAE25M3FR+1UXcnakHCIsj+ELuoqafHvu/1av6vvAhZXMudoo/V
    wz3FDWwUnOroIaDPLvSR9RgBA/SHpPL9REEpCtN5WDnWDQK4P69CygrX+zbyh60aZVhE=;

Solution 2

Try removing quotation marks from the TXT, if you have them.

That is: replace "v=DKIM1; ..." with v=DKIM1; ... in your TXT DNS entry.

For me, this solved the topic's error message. I used Cloudflare as DNS.

I got hang of it with https://mxtoolbox.com (dkim:example.org:mail).

With quotation marks, the tool didn't recognize the DKIM1 "TagValue" and showed "Unknown" in the "Name" column.

But, without quotation marks, that column turned into "Version" and "Description" into "The DKIM record version."

And Gmail Show original turned into "PASS with domain example.org".

14,642

jarvis

Updated on September 18, 2022

Comments

jarvis over 1 year
I'm getting a DKIM: FAIL with domain null error in GMail. When I go to See Original in GMail, I get dkim=fail [email protected];.

In my DNS I have the following TXT Records:

DMARC TXT Entry: _dmarc v=DMARC1;p=reject;sp=reject;rf=afrf;pct=100;ruf=mailto:[email protected];rua=mailto:[email protected];ri=86400

SPF TXT Entry: example.com
```
v=spf1 +a +mx +ip4:70.xxx.xxx.xxx +ip4:71.xxx.xxx.xxx +ip4:72.xxx.xxx.xxx ~all
```
DKIM TXT Entry: _default._domainkey
```
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/HYr74H9Ty6HjTpjawYIfiDa7kOPx+0GJiw4rw7IYkfvrfrLojmGLuS4lg3NbIqYmLg9Ziz77q9vVT15ftrFB1+lTz6+Ei19b6AM8FGCJoDWRHRwB+YN0InJaFs/kPfy1SktqQI8TntPNfH2+tTOUrIT1gi8fjwSnfSkUsbNuSpIp3XrAU6pYzEjXF2h1A3UMFV+7+jLRzEvunj2YCsJ3vaifTihat+Nsw7eP5L2iAzW8b0joP3z6k/UkhUa7/35oNC4Xn1dY532irsBunMJz9QsBxIaNpepiZZkTxfglsq2RP4FWGZbiVFRDDcvsnpi4kFx3eAQtAoo+szLA70FQIDAQAB
```
I tested my records via https://www.mail-tester.com/spf-dkim-check and http://dkimcore.org/tools/keycheck.html and it all checks out. Public Key is 2048-bit. I read the GMail was failing DKIM with smaller keys.

I also tested it with http://unlocktheinbox.com and at the DKIM Validation Check it says:
```
Signature Found:    Yes
SmarterMail DKIM Test:  Failed - Bad Signature
MailBee.NET DKIM Test:  Failed - SignatureInvalid
```
GMail doesn't seem to have any issues with my SPF and DMARC. Here's the authentication-results for those:
```
spf=pass (google.com: domain of [email protected] designates 70.xxx.xxx.xxx as permitted sender) [email protected];


dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=example.com
```
My emails are hosted/sent from http://inmotionhosting.com. My DNS is at CloudFlare.

What am I doing wrong or missing here?

Thanks!
SYN almost 7 years

Having a similar issue, gmail complains about DKIM failing with null domain, while my message headers show that d= is properly set: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=maildomain.example.com; s=default; t=1495658386; bh=....
SYN almost 7 years

Answering to myself: the actual problem (raising a 'DKIM failing with null domain' with gmail), is that I had a masquerade map defined, rewriting FROM fields, ... I fixed by commenting it out.