DKIM in invalid!


I’m facing a problem but IDK whats the error!

I did a setup for SPF,DKIM,DMARC.
every thing going good.

I did a test also in

also other test site with same result!

but mail tester said dkim is invalid!
i did every thing possible
what should i do ?
my emails going to spam and some sites block it with mail delevery failed!
im not listing in SpamDB i checked it also.
im tired from this dkim any help?

What is the domain name?

  1. Domain?
  1. Mail tester link?

Even if you’re doing 100% perfect, regarding DKIM, SPF and DMARC, even with the strictest policies possible (e.g. SPF-all”, and DMARCp=reject; sp=reject, np=reject;”), you still have to remember:

Having them all perfect is NOT A GUARANTEE, that you won’t reach the spam folder.

If that is really the case, it sounds like something that your email provider needs to help you with.

Start by providing at least the above information, and we can try to figure it out together.

[deleted - confused dkim with spf!]


The server appears to be configured with a generic Reverse DNS (PTR), namely Hetzner’s default in the format, such as for an IP address of

That alone will flag your messages at most destinations, and likely cause deliverability issues. It is also the reason that your X-Spam-Report gives these issues:

	*  0.0 CK_HELO_GENERIC Relay used name indicative of a Dynamic Pool or
	*       Generic rPTR
	*  3.2 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP
	*      addr 1)

A score of 3.2 due to that, is quite high, considering that by default, only 5 points are required to mark your message as spam.

I would change those instances (including the SMTP HELO name of your mail server application) to something on you own domain:

A new name would ideally be something like e.g.

Caveat: The domain appears just to be a couple of days old, which is also going to point negatively towards your email deliverability.

The message is indeed DKIM signed, using a selector that is supposed to have it’s corresponding public key residing in the DNS record named mail._domainkey.

However, it claims that the signature verification failed.

My suggestion in this scenario would be to verify the contents of the DNS record, as the most likely scenario is that the public key (in DNS) does not match (100%) with the private key on your mail server.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.