Received-SPF: pass (Cache: Last token {mx} (res=PASS)) client-ip=204.77.240.210; envelope-from=<plear@aquawest.net>; x-ip-name=mail2.aquawest.net;
X-Received: from aquawest.net (mail2.aquawest.net [204.77.240.210])
by netwin.co.nz (SurgeMail 7.3p) with ESMTP (TLS) id 11368501-1391920
for <surgemail-list@netwin.co.nz>; Fri, 17 May 2019 13:46:59 +0000
X-Return-Path: plear
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aquawest.net;
s=default; t=1558100819;
bh=gB5eLGUR98LiNvfAyqwM7JQ9AbbhC+5wXTNhoWBQAXA=;
h=To:From:Subject:Date;
b=S21a/hlLm/pFMwQnnH1/Vy+13tS2v/pnD/4AumFfagePMcVHl4QHdQz3RZwOP2O6l
R8XIYTeTpBWKlZ4Q0AZxs+cjAaap0jNFhGPQJ9bNZE79CMkxN6HXqcqPkYs1/aj8nX
XULHA9nh4YaOVbpCV2r23Stw3GYBunk6+T9ghl1LNhnexTYPiBvXEDkTAFbPUoHxi6
9l5r7TY/R/XNK4taDEVUCRgtuiRA0FvNBVlDodbBBSsUIiFcQ7M1E45rN5y2wRFP3p
v04ZWB6u0V5awxdXtwxBzQqxvm2nFQHHs0qTVNFRkZU5WSE4po243s8ceHaOAPU8t8
NUayEXJL/Nltw==
X-Default-Received-SPF: pass (skip=loggedin (res=PASS));
To: surgemail-list@netwin.co.nz
From: plear
Subject: [SurgeMail List] DKIM inconsistent when sending messages
Message-ID: <1cdc8dbb-9ee0-f103-e5bf-406150484143@aquawest.net>
Date: Fri, 17 May 2019 06:46:55 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
Thunderbird/60.6.1
MIME-Version: 1.0
Content-Language: en-US
X-X-Authenticated-User: plear@aquawest.net
X-Originating-IP: 204.77.240.210
X-Country: code=US country="United States" ip=204.77.240.210
X-Rcpt-To: <surgemail-list@netwin.co.nz>
X-Kann: +OK 0.246 0.989 0/4
X-SpamDetect: ****: 4.1 sd=4.1 lv=0.00 nok=4/1 m=5 nf=0 Close 0.04(X-myrbl:Color=white) 0.90(X-Phrase:isspam) 0.76(X-Verify-Helo:-ERR) 0.31(genuine) 0.31(dkimok) 0.65(X-Verify-Helo:wrongip) 0.35(StandardTLD) 0.41(spfpass) 0.41(X-NotAscii:utf) 0.47(X-LangGuess:English) Saned 5.0 Sval 4.1 bsan 5.0 Moved 5.0->4.1 Sval 4.1
X-NotAscii: charset=utf-8
X-LangGuess: English
X-Probe: +OK skipped, known ip address
X-Phrase: IsSpam score=1.00
X-Verify-Helo: -ERR wrongip: aquawest.net -> 217.70.*.* not in 204.77.240.210
Authentication-Results: netwin.co.nz header.from=plear@aquawest.net; dkim=pass (good signature)
X-Encryption: SSL encrypted
X-MyRbl: Color=White Age=632 Spam=0 Notspam=0 Stars=0 Good=347 Friend=552 Surbl=0 Catch=0 r=0 ip=204.77.240.210
X-IP-stats: Incoming Outgoing Last 0, First 632, in=30654, out=71, spam=0 Known=true ip=204.77.240.210
List-Unsubscribe: <mailto:surgemail-list-leave@netwin.co.nz?subject=unsubscribe>
X-Mailing-List: surgemail-list@netwin.co.nz
List-ID: <surgemail-list@netwin.co.nz>
Precedence: bulk
Reply-To: surgemail-list@netwin.co.nz
Content-Transfer-Encoding: 8bit
Content-Transfer-Encoding: 8bit
Hi,
I have DKIM set up system-wide. Some
domains are signed correctly and others are not. Let me
explain:
I have two domains - domain that is the
also the "root" or domain name of the server and then I have a
number of add-on domains.
When I use mxtoolbox to check
deliverability on the root domain (lets call it rootdomain.com),
everything checks out as follows:
Ok - DMARC Compliant
Ok - SPF Alignment
Ok - SPF Authenticated
Ok - DKIM Alignment
Problem - DKIM Authenticated
In other words, everything checks out
except the DKIM authentication.
No to make things more confusing, I have
another domain (an add-on domain - let's call it addondomain.com)
where everything works:
Ok - DMARC Compliant
Ok - SPF Alignment
Ok - SPF Authenticated
Ok - DKIM Alignment
Ok - DKIM Authenticated
DKIM key is the
same for all the domains on the server.
I triple checked
and the settings for DKIM are identical for both domains in
DNS. DNS is hosted by company A for rootdomain.com
and company B for addondomain.com. DKIM file is
identical on both. Because emails sent from rootdomain
are getting DKIM recognition on "alignment" I'm thinking the
issue is with surgemail or my server rather than the DNS.
However, I've
tested with dmarcian.com and I get a similar result: emails
sent from addondomain.com verifies just fine and rootdomain.com
shows NO SIGNING for DKIM.
Again, it's the
same key for all domains on the server.
Is the problem with
authentication more likely to be a problem with the server or
with the DNS service?
Has anyone run into
this before and what solution did you find to fix this?
Thanks for any
input you might have!
Patrick