DKIM not validating

kswaney9 · 03-10-2023 12:56 PM

So I noticed all of my emails are going to spam for my Google workspace company account. I am the admin. We use Cloudflare DNS, registrar in GoDaddy, and Sendgrid. The emails I sent from Google workspace are the ones going to spam, which we don’t send mass emails from when I login to look into the DKIM settings - it said “Stop Authentication” which had me think (after 5+ months) that it never was authenticated. Is this the case?
I find it hard to believe that using Google workspace to send emails automatically sends my emails to spam… Unless I’m missing something along the lines of using a dedicated IP address as opposed to googles. I have knowledge of considering these types of things but I feel like I’m missing something simple. Any insight or suggestions would help as I’ve exhausted the resources available online (various tools give me different results, some say 9/10 deliverability then others tell me my email is in their spam folder). These emails are being sent from Google workspace to one person not from our mass email Sendgrid IP hopefully this is a novel in Korean. Someone has a solution, but any direction helps . Thank you in advance.

ajojose33333344

@kswaney9 May I know your domain name to see if everything is in place?

Else you can use this tool to see it yourself:

https://toolbox.googleapps.com/apps/checkmx/

I would like to know if spf&DKIM is configured and especially what's the dmarc policy.

kswaney9

mitenapartners.com

ajojose33333344

Hi, @kswaney9 unfortunately I couldn't get any info regarding your dkim.

what you can do is send an email to a Gmail id and look out for the "signed by" section on the recipient to see if your domain is dkim authenticated

signed by section won't be there if it is not dkim authenticated

if not your need to follow the below article to fix your dkim:

https://support.google.com/a/answer/180504?hl=en

You shouldn't only turn on dkim from admin console but you are also supposed to add it to your domain dns as a txt records as mentioned on the above article

cryptochrome

His DKIM DNS record is fine, I checked it with MxToolbox. The selector in his case is "google".

ajojose33333344

@kswaney9 how does it go, issue resolved already?

kswaney9

it still says "Stop Authentication" as if the DKIM authentication still hasn't completed...I tried the mx tool 2 days ago and it was all good; but, a client just said that our calendar invites and emails were going to spam (he's been in communication with us for over 4 months). Thank you for the help!

cryptochrome

The "Stop Authentication" is normal. It means it's enabled and the link is for you to disable it again, if need be.

I just checked your domain and your DKIM entry in DNS looks fine. There can be many reasons for why your emails end up in your client's spam. I don't think DKIM is the issue here. It could be anything from the mailserver configuration of your client, their email client, or maybe they have accidentally marked one of your emails as spam in the past, training their spam filter.

Without more information, it's really hard to say what is going on. If you can ask your client to send you the complete email headers of the mail they received, we can do some more investigation.

kswaney9

The “Status: Authenticating email with DKIM” is what’s confusing to me alongside the “authentication can take 48 hours message, but most are immediate” i.e. you will have a different UX/UI upon authentication validating…

ajojose33333344

@kswaney9 "When DKIM setup is complete and working correctly, the status at the top of the page changes to: Authenticating email with DKIM."

That means your dkim is fine and it makes sense, because your dmarc says reject , so if your dkim was failing your emails could have got rejected instead of going to spam.

So your issue is not with dkim, as mentioned by @cryptochrome there are other factors you will have to look into.

MagpiesMike

kswaney9,

One option to confirm DKIM is working is to send an email from your domain to another email address outside your domain (i.e. a personal Google Gmail account). Open that email and navigate to "Show original" under the elipses/three dots on the right hand side of the email. This will show the full header information for the email sent from your domain, including a PASS/FAIL on DKIM. If this shows a FAIL, you should stop authentication in the Admin Console, regenerate the DKIM key and update your DNS record.

Not the "easy button" fix but hopefully this helps you out with another idea.

MagpiesMike

Pramod

When you say "update your DNS record" should I add it in custom records section? The reason I ask is, there is a already a section called "Google Workspace" where I see an entry for "google._domainkey.<domain>.com" and I am not able to edit that. There is an option to delete it. I am not sure if that should be deleted.

DeronJWhite

This is dated but in case anyone runs into the issue as I did...
When you copy the DKIM from Google to your DNS it may start like this...

v=DKIM1;k=rsa;
p=etc...<long string>

Was working with a WIX dns and found that the return after "rsa;" needed to be removed as well as a return after "DKIM1;" (in notepad it'll appear after you remove the one after "rsa;")...

So the DKIM should be one long string with nothing that could be interpreted as a carriage return. Doing this resolved the issues with validating.

apsogr

Hey, I have the same issue, so in the value I put? p=M....(until the last letter)??