Summary
Aboutmy.email shows no DKIM signature because it checks the actual email header, while other tools may only check DNS records for a DKIM record. If there's no DKIM-Signature header, the email system isn't signing messages, even if the public key is published. DKIM adds digital signatures for verification, and if keys don't match, DKIM fails. SPF helps prevent spoofing by verifying the sending IP against authorized IPs. SPF alignment refers to the 'Mail From' matching the 'From' header, impacting DMARC, which builds upon SPF and DKIM, allowing domain owners to set policies (none, quarantine, reject) for unauthenticated emails. DMARC has strict (exact match) and relaxed (organizational domain) alignment modes. Organizational domains align subdomains to the root for relaxed SPF. Incorrect SPF configuration can mark legitimate emails as spam. DKIM verification failure occurs if content is modified, the signature is malformed, or the DNS record is incorrect. DMARC failure leads to rejection, quarantining, or delivery based on the DMARC policy.
Key findings
- DKIM Verification: Aboutmy.email verifies DKIM by checking email headers; other tools may only check DNS records.
- DKIM Signing: The DKIM-Signature header must be present for DKIM to pass; publishing the public key is not sufficient.
- SPF Purpose: SPF prevents spoofing by authorizing sending IPs.
- DMARC Policy: DMARC builds upon SPF and DKIM to establish policies for handling unauthenticated emails.
- DMARC Alignment: DMARC alignment modes include strict (exact domain match) and relaxed (organizational domain).
- Organizational Domains: Organizational domains are used in relaxed SPF alignment.
- SPF Configuration: Incorrect SPF configuration can result in legitimate emails being marked as spam.
- DKIM Failure Causes: DKIM can fail due to content modification, a malformed signature, or an incorrect DNS record.
Key considerations
- Email authentication testing: Use an email authentication testing tool that analyses email headers to confirm DKIM validity.
- Ensure DKIM Singing: Ensure your ESP or mail system is signing your emails with DKIM.
- SPF configuration: Carefully configure SPF to authorize sending IPs.
- DMARC policy: Establish a DMARC policy to handle unauthenticated emails.
- DMARC alignment mode: Consider the impact of strict versus relaxed alignment modes.
- Organizational domain for DMARC: Consider organizational domain when configuring DMARC
- DKIM trouble shooting: If DKIM is failing check for record and signature errors.
What email marketers say
9 marketer opinions
Aboutmy.email may show no DKIM signature when other tools validate it because it checks the actual email header, while some tools only check the DNS record. DKIM relies on matching cryptographic keys, and SPF involves properly configuring DNS records. DMARC builds upon SPF and DKIM by allowing domain owners to set policies for handling authentication failures, including options to monitor, quarantine, or reject emails. DMARC alignment modes (strict and relaxed) affect how closely the 'From' domain must match the SPF or DKIM domains. DKIM failures can occur due to content modification, malformed signatures, or incorrect DNS records. Incorrect SPF configuration can lead to legitimate emails being marked as spam.
Key opinions
- DKIM Validation: Aboutmy.email validates DKIM by checking the email header, offering more precise results than tools that only review DNS records.
- DMARC Policy: DMARC policies dictate actions for emails failing SPF and DKIM, ranging from monitoring to quarantining or rejecting messages.
- SPF Configuration: Correct SPF configuration ensures that authorized IP addresses are listed in DNS records to prevent emails from being marked as spam.
- Alignment Modes: DMARC uses strict and relaxed alignment modes for SPF and DKIM, affecting how closely domains must match.
- DKIM Failure Causes: DKIM failures can result from email content changes, malformed signatures, or DNS record issues.
Key considerations
- Authentication Method: Use a tool that analyzes email headers to check for the DKIM signature like Aboutmy.email.
- DMARC Implementation: Implement a DMARC policy to handle emails that fail authentication based on your organizations needs.
- SPF Setup: Ensure that authorized IP addresses are listed in the correct DNS records.
- DMARC Alignment: Understand the implications of strict and relaxed DMARC alignment on your email deliverability.
- DKIM Troubleshooting: Monitor your emails to check for problems like content alteration or incorrect DNS settings.
Marketer view
Email marketer from AuthSMTP shares that properly configuring SPF involves creating a DNS TXT record that lists all authorized IP addresses that can send email on behalf of your domain. Incorrectly configured SPF can cause legitimate emails to be marked as spam.
25 Dec 2023 - AuthSMTP
Marketer view
Email marketer from StackOverflow explains that a DKIM verification failure could occur if the email content is modified after signing, if the DKIM signature is malformed, or if the DNS record containing the public key is incorrect or unavailable. Aboutmy.email might be more sensitive to these issues.
11 May 2025 - StackOverflow
What the experts say
4 expert opinions
Aboutmy.email checks the actual email header for a DKIM signature, while other tools might only check for the presence of a DKIM record in DNS. If the DKIM-Signature header is missing, the mail system isn't signing emails even if the DKIM public key is published. SPF doesn't have alignment concepts. DMARC defines strict (exact match) and relaxed (organizational domain) alignment. Organizational domains align subdomains with the root domain for relaxed SPF alignment, affecting DMARC evaluation.
Key opinions
- DKIM Verification Method: Aboutmy.email verifies DKIM by examining the email header, while other tools may rely solely on DNS records.
- DKIM Signing Requirement: A missing DKIM-Signature header indicates the email system is not signing emails, irrespective of public key publication.
- DMARC Alignment Types: DMARC defines alignment between hostnames in two forms: strict (exact match) and relaxed (organizational domain).
- Organizational Domains: Relaxed SPF alignment uses organizational domains, aligning subdomains with the root domain.
Key considerations
- Ensure DKIM Signing: Verify the email system is configured to sign emails, beyond just publishing the DKIM public key.
- Understand Alignment: Grasp the difference between strict and relaxed DMARC alignment to make informed policy decisions.
- Organizational Domain Implications: Consider the impact of organizational domains on DMARC evaluation when using relaxed alignment policies.
- Email Authentication Method: Choose an email authentication tool that analyse the email headers to confirm the DKIM is signed and valid.
Expert view
Expert from Email Geeks explains that the two hostnames share the same organizational domain. Therefore, they are aligned.
9 Feb 2025 - Email Geeks
Expert view
Expert from Email Geeks explains that if there is no DKIM-Signature header, then the mail system has not been set up to sign the mail, even if the DKIM public key is published correctly. He suggests contacting the ESP to enable signing. Most DKIM tools only check what you tell them, whereas aboutmy.email checks the actual mail being sent.
4 Apr 2023 - Email Geeks
What the documentation says
4 technical articles
Aboutmy.email showing no DKIM signature implies the email wasn't signed at sending. DKIM adds a digital signature to emails, verifying their authenticity and integrity. SPF alignment ensures the 'Mail From' domain matches the 'From' header domain, which DMARC uses for legitimacy assessment. SPF prevents spoofing by validating sending IP addresses against authorized lists, while DKIM verifies message authenticity via digital signatures.
Key findings
- DKIM Signature Absence: Absence of a DKIM signature in Aboutmy.email indicates the email wasn't signed during transmission.
- DKIM Functionality: DKIM provides a digital signature to verify the authenticity and integrity of email messages.
- SPF Alignment Importance: SPF alignment, where the 'Mail From' and 'From' domains match, is a key factor in DMARC's legitimacy checks.
- SPF Anti-Spoofing: SPF prevents email spoofing by validating sending IP addresses against a list of authorized IP addresses published in the domain's DNS record
Key considerations
- Ensure DKIM Signing: Ensure that emails are properly signed with DKIM before sending to ensure authentication.
- Verify SPF Alignment: Confirm that SPF alignment is correctly configured to enhance email legitimacy.
- IP Address Authorization: Ensure only authorized IP addresses are sending emails.
- DKIM Record Validation: Regularly validate DKIM records.
Technical article
Documentation from Microsoft explains that SPF prevents spoofing by verifying the sending IP address against a list of authorized IP addresses published in the domain's DNS record. DKIM adds a digital signature to the email header, allowing recipient servers to verify the message's authenticity.
15 Jul 2024 - Microsoft
Technical article
Documentation from DMARC.org explains that SPF alignment refers to whether the domain used in the 'Mail From' or 'Return-Path' address (the envelope sender) matches the domain in the 'From' header (the visible sender). DMARC uses SPF alignment as one factor in determining whether an email is legitimate.
20 May 2024 - DMARC.org
Are SPF, DKIM, and DMARC as important in B2B as in B2C email marketing?
Are SPF, DKIM, and DMARC records necessary for transactional email servers not used for marketing?
Can DKIM be set up on a subdomain, and which domain should be used for signing?
How do SPF, DKIM, and DMARC affect email deliverability with Cvent?
How do SPF, DKIM, and DMARC email authentication standards work?
What are SPF, DKIM, and DMARC, and when are they needed?
