I've recently began to see a pattern where many of my clients struggle with DKIM. They seemingly follow all the right steps, but along the way one tiny mistake or configuration change and they get swamped with failure reports.
One particularly nasty error I've been seeing more of is a DKIM hash mismatch. This can be very hard to track down because it basically means you set up DKIM correctly in your DNS records and email system, but some unknown system came along and messed up your email.
A typical, illustrative, culprit is the "automatic email signature plugin". If you install a plugin like this and it modifies your email after it has been signed by your email system, then suddenly DKIM alarms start going off. After all, the purpose of DKIM is to prevent email tampering, and the email signature plugin's whole purpose is essentially to tamper with your emails.
Let me take you through the stages of identifying, diagnosing and fixing this tricky DKIM issue.
Simply use the Suped email tester. If it detects a DKIM failure, then click on the DKIM row to see if it was caused by a body hash mismatch.
Any modification to the email body after it is signed by the sender will cause a mismatch.
The most common causes are:
It can be hard to track down the exact cause of the mismatch, but it is typically caused either by your email sending system's configuration or if you send your emails through a security relay it could be that.
Email sending systems will not have this issue by default, so it is typically caused by third-party plugins.
Recommended steps to fix:
I hope those steps helped but unfortunately, due to the tricky nature of this problem, they aren't bulletproof.
If you're still stuck, I'm always happy to help out people struggling with email deliverability, so just shoot a message through to contact@suped.com if you'd like some free advice.
