Thanks Mark. I sent an email as suggested and it came back as a fail for DKIM.
“I see you've included a DKIM signature. I've retrieved the public key from 1._domainkey.warwickri.gov The signature failed validation. The Auth Result is fail.” Now I am really confused. I checked what the link you shared showed and what we sent to our ISP and everything seems to match up. Could it be a propagation issue? Our DNS host provider added the settings 2 days ago, so I assumed it should be working by now? From: mailop <mailop-boun...@mailop.org> On Behalf Of Mark Alley via mailop Sent: Friday, March 3, 2023 11:59 AM To: mailop@mailop.org Subject: [EXT] - Re: [mailop] New member, trying to bring our mail server inline. The selector seems to just be "1", of which the published record appears to be valid in DNS. https://tools.wordtothewise.com/dkim/check/warwickri.gov/1 DNS propagation<https://dnschecker.org/#TXT/1._domainkey.warwickri.gov> shows the DKIM record is resolvable across the internet, so resolution isn't the problem, and it appears to be syntactically valid. @Salvatore - if you send a test message to the address provided to you on https://learndmarc.com, it will show you authentication results of direct messages from your mail server which you can use to troubleshoot authentication further. - Mark Alley On 3/3/2023 10:27 AM, Laura Atkins via mailop wrote: Based on the headers of the message you sent here (to mailop), you have yet to actually publish a public key in DNS. https://tools.wordtothewise.com/dkim/check/warwickri/1677852725 laura On 3 Mar 2023, at 14:12, Salvatore Jr Walter P via mailop <mailop@mailop.org><mailto:mailop@mailop.org> wrote: We are in the final stages of migrating our exchange server from 2013 to 2019. I found out we had no SPF, DMARC, DKIM etc setup on our domains. Trying to get us setup properly and have SPF and DMARC working, DKIM is another story. Setup on the server, sent the key to our ISP for the DNS to be added. Headers show the signature is being included. DKIM-Signature: v=1; a=rsa-sha256; d=redacted.gov<http://redacted.gov/>; s=1; c=relaxed/relaxed; t=1677851456; h=from:subject:to:date:message-id;(rest of key) Also from the headers: Authentication-Results: inbound.redacted.net<http://inbound.redacted.net/>; spf=pass smtp.mailfrom=redacted@ redacted.gov<http://redacted.gov/>; dkim=fail header.d= redacted.gov<http://redacted.gov/>; dmarc=pass (policy=none; pct=100; status=pass); arc=none Any suggestion where to go from here? We are having all emails blocked by AT&T, no idea why so trying to get all our ducks in a row and make sure we are doing everything the “right” way. _______________________________________________ mailop mailing list mailop@mailop.org<mailto:mailop@mailop.org> https://list.mailop.org/listinfo/mailop -- The Delivery Experts Laura Atkins Word to the Wise la...@wordtothewise.com<mailto:la...@wordtothewise.com> Email Delivery Blog: http://wordtothewise.com/blog _______________________________________________ mailop mailing list mailop@mailop.org<mailto:mailop@mailop.org> https://list.mailop.org/listinfo/mailop
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
