DKIM: temperror

SUBMITTED BY: Guest

DATE: Oct. 24, 2019, 8 p.m.

FORMAT: Text only

SIZE: 10.6 kB

Raw Download

HITS: 489

Report
  1. DKIM: temperror
  2. WordPress core has been updated automatically today, so I got an email that was sent via PHPMailer in WordPress.
  3. I looked at the email header and found this error:
  5. ++++++++++++++
  6. list of top cheapest host http://Listfreetop.pw
  8. Top 200 best traffic exchange sites http://Listfreetop.pw/surf
  10. free link exchange sites list http://Listfreetop.pw/links
  11. list of top ptc sites
  12. list of top ptp sites
  13. Listfreetop.pw
  14. Listfreetop.pw
  15. +++++++++++++++
  16. Code:
  17. Authentication-Results: mx.google.com; dkim=temperror (no key for signature)
  18. header.i=@server.examplehost.com header.s=default
  19. So I thought there was something wrong and contacted my web host.
  21. They said everything is fine, it's the default behavior of the server.
  23. What I don't quite understand:
  25. The message contains a DKIM Signature:
  27. Code:
  28. DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=server.examplehost.com; s=default;
  29. etc.
  30. But they don't provide a public key. Here's the output from dkimvalidator.com:
  32. Code:
  33. Public Key DNS Lookup
  35. Building DNS Query for default._domainkey.server.examplehost.com
  36. Retrieved this publickey from DNS:
  37. Validating Signature
  39. result = invalid
  40. Details: public key: not available
  41. They say that's the default behavior of the server.
  43. I find that strange, but maybe I'm wrong, please correct me if that's the case.
  44. Code:
  45. dkim=temperror (no key for signature)
  46. ... and
  47. Code:
  48. Details: public key: not available
  49. That's really really clear. You have no DKIM public key published for
  50. default._domainkey.server.examplehost.com -- or if you do, it couldn't find it.
  51. Daddy? How was vi born?
  52. Well son, first cat and echo fell in love...
  53. Yes, I know.
  55. The thing is, it's not about my domain name, it's about the domain name of their server, that's what's in the email header--so I can't do anything about it.
  57. So they don't have published a public DKIM key, but they say everything is fine. That's why I'm confused.
  58. Well, yes, there is. You contact them and ask them why they're signing your emails with a broken DKIM and could they kindly either fix it, or knock it the hell off.
  60. Alternatively, stop worrying about it.
  62. Having a valid DKIM improves deliverability - but not having any DKIM at all (which is effectively the case here) does not hurt deliverability any either.
  63. Daddy? How was vi born?
  64. Well son, first cat and echo fell in love...
  65. I'm not entirely sure if they didn't understand my question or if effectively having this configuration with no public key but a signed email is really their default configuration and they think that's OK.
  67. I suggested to my web host that I still think there's something wrong, but if they're really sure that's OK then they can close the ticket. They closed the ticket. Maybe I should reopen it.
  68. It sounds like php mail / sendmail is in use and mail servers are seeing user@server.example.com as the from and not the from you expect it to be . Is their domain in the from header or x-sender header and the address is like ftpuser@server.example.com ? If so, double check the phpmailer is setting the from address correctly. Also, check that phpmailer is using SMTP authentication instead of the php mail .
  69. You need to change your script sending to smtp and if possible, use the secure port.
  71. You also need to validate your domain not the server's hostname.
  72. You can use a plugin like the one below to send your email by SMTP instead.
  74. Thank you, everyone, for your input. I think I'll just leave it as it is right now.
  76. As SneakySysadmin said, not having any DKIM at all is also OK.
  78. And I could always use a plugin like WP Mail SMTP and for example Mailgun later on.
  79. header.i=@server.examplehost.com header.s=default
  81. What type of hosting are you using? (Shared, VPS, Server)
  83. Are there any other users of this website? Blogs? Comments? WooCommerce?
  85. Does the website send out any newsletters?
  87. If you're the only person that these emails are sent to, then you don't have to worry. If the website has to send emails to other people, then it can become a serious issue as those emails may always land in spam and put that IP on a Blacklist. Alerts from PHP mail are fine if its the occasional email, but it's still better practice to use a SMTP plugin.
  88. A tempfail means that DKIM will be effectively ignored by recipient systems. Some super-anal admin somewhere might decide out of the blue to block emails that tempfail, but no competent admin or spam filtering system will bat an eye at that.
  90. A tempfail is the same as not having DKIM at all. They are very highly unlikely to affect spam scoring one way or the other.
  91. Daddy? How was vi born?
  92. Well son, first cat and echo fell in love...
  93. I just wanted to understand the configuration, it seemed a bit weird to me. It's OK for these emails I guess, so I'll leave it how it is.
  94. It is weird. No server should be signing every email that's sent with an unpublished key. It's not just weird it's bloody stupid - and you can tell your host I said so.
  96. I doubt very much this is hurting your deliverability, but there are always edge-cases and worse, paper-mill certified "administrators" that don't know how to configure their spam filtering who will decide they know better than the RFC and will decide to penalize emails that tempfail on DKIM... so while I doubt this is hurting you any the fact remains that it could.
  98. Your host should not be signing emails unless it has valid keys with which to do so. They should be signing with valid data, or not signing at all - with no in-between.
  99. Daddy? How was vi born?
  100. Well son, first cat and echo fell in love...
  101. no competent admin or spam filtering system will bat an eye at that.
  102. Quote Originally Posted by SneakySysadmin View Post
  103. and worse, paper-mill certified "administrators" that don't know how to configure their spam filtering who will decide they know better than the RFC and will decide to penalize emails that tempfail on DKIM
  104. Enter Yahoo, MSN, and small ISP with trigger happy backwards filters. Yahoo should have been brought behind the barn shed at least 16 years ago. Last time I used, their highest spam filters would allow 500 junks mails a day into the inbox. It was only a backup account to save contacts, which everyone on the list ended up with Malware emails, so I closed it. If something just seems slightly off with a company email, instant block from Yahoo and MSN. Everything could be set properly for the sender and they will still find a reason to have an issue with it, which is ironic for Yahoo especially since they still send out Malware.
  105. Interesting to see so "non-caring" fortitudes towards DKIM and the thought that DKIM does not have an effect on deliverability. I know of a lot of companies that interrogate DKIM signatures - we even do it which has sometimes caused deliverability issues from external senders to the GovCloud. However, I do think that's the difference; you'll probably run into issues sending to an organization using Government boundaries; we had a problem long ago when negotiating with LiquidWeb that caused issues until they were filtered to have DKIM completely ignored.
  107. Ordinarily, if DKIM fails validation there are plenty of other parts of the header that are used for validation and nearly every company we work with on a regular basis has a DMARC record making it easier to authenticate valid emails.
  109. For the average Jane and Joe and for most hosting companies, I am actually not certain what the stance is on DKIM but it appears to be up for debate. Nonetheless, most modern email systems outside of GovCloud (or equivalent) check DKIM and behave accordingly to how it is specified within the standard (GMail is an example).
  111. Personally, I would get the DKIM records properly addressed nonetheless.
  112. Interesting to see so "non-caring" fortitudes towards DKIM and the thought that DKIM does not have an effect on deliverability.
  113. Exactly no one has said any such thing, in fact just the opposite - so perhaps you should start over.
  115. Quote Originally Posted by NortheBridge View Post
  116. Ordinarily, if DKIM fails validation
  117. Difficulty: DKIM did not fail validation.
  119. temperr != "fail"
  121. Temporary errors can be caused by almost anything, on either side of the email - which is why temporary errors are not considered a failure of validation.
  123. Quote Originally Posted by NortheBridge View Post
  124. Nonetheless, most modern email systems outside of GovCloud (or equivalent) check DKIM and behave accordingly to how it is specified within the standard (GMail is an example).
  125. Indeed they do, and they do it properly too - exactly as the standard says it should, which is why GMail cheerfully accepted the email that started this thread.
  126. Personally, I would get the DKIM records properly addressed nonetheless.
  127. Once again, please re-read the thread.
  128. Daddy? How was vi born?
  129. Well son, first cat and echo fell in love...
  130. Temporary errors can be caused by almost anything, on either side of the email - which is why temporary errors are not considered a failure of validation.
  132. Indeed they do, and they do it properly too - exactly as the standard says it should, which is why GMail cheerfully accepted the email that started this thread.
  134. As sad as it is, Gmail just works and has "the right" settings.
  136. Reading all of this reminded me a situation a few months ago. A new client needed information sent to him, which I did. No reply. I later found an email from those systems that you have to validate your email in order to send emails to the person. I did the validation and everything was back on schedule. Guess where the validation email was? In the spam folder. I don't recall what it was but that service in front of his emails had an issue within the header. Who knows how many emails or business opportunities were lost for him and others using that service.
  137. As sad as it is, Gmail just works and has "the right" settings.
  138. Truth - and I did caveat myself earlier that there are always going to be edge cases that do not understand what "temporary error" truly means who will decide they know better and filter against it.
  140. Those are going to be decidedly rare however, so rare that they're probably not worth worrying about.
  142. Should the OP get this fixed? Certainly.
  144. Is it cause for a three-alarm fire? Nope.
  145. Daddy? How was vi born?
  146. Well son, first cat and echo fell in love...
  148. domain group
  149. make money xenoblade 2
  150. hosting meaning
  151. hosting website from home
  152. toi96.top
  153. s domain to time domain
  154. trv24.atspace.com
  155. 60s host andy
  156. make money dropshipping
  157. arb4car.com
  158. www.magichits.eu
comments powered by Disqus