How do I troubleshoot DKIM signature validation failures?
Check:
whether the public key in DNS matches the private key
whether the DNS record contains hidden characters or line breaks
whether the signed headers were altered by a mailing list or forwarder
whether the canonicalization choice was too strict
whether the selector exists and resolves
Most DKIM issues occur from formatting mistakes in DNS or message modification during transit.
A failure will be reported in the Authentication Results header defined in RFC 8601 as `dkim=fail`. The most common reasons are `body-hash-mismatch` (caused by forwarding or content modification) or `key-not-found` (caused by DNS errors).
Was this answer helpful?
Thanks for your feedback!