Suped

Summary

The error "dkim=neutral (body hash did not verify)" indicates a problem where the recipient's mail server cannot validate the integrity of your email's body using the DKIM signature. This often means the email content was altered after it was signed, or there's a mismatch in how the sending and receiving servers process the message. Addressing this requires a systematic investigation into your email sending infrastructure and configuration.

Suped DMARC monitor
Free forever, no credit card required
Get started for free
Trusted by teams securing millions of inboxes
Company logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logo

What email marketers say

Email marketers often encounter DKIM body hash verification failures when their emails aren't reaching inboxes as expected. These failures can be particularly frustrating because DKIM is a critical component of email authentication, signaling to recipients that an email hasn't been tampered with in transit. Marketers frequently pinpoint issues arising from how their sending platforms or intermediate services handle email content after signing.

Marketer view

Marketer from Email Geeks indicates they have a customer experiencing the "dkim=neutral (body hash did not verify)" error. This customer is receiving this error when sending to Outlook. They are seeking advice on how to resolve this specific issue, as it is impacting their customer's email deliverability and authentication status, prompting an investigation into potential causes within the email flow.

18 Nov 2022 - Email Geeks

Marketer view

Marketer from Spiceworks Community reports that while their DKIM selector records validate correctly, the MX Tool Message Header Analyzer indicates that the DKIM signature line fails the hash check. This suggests a disconnect between the apparent validity of their DNS records and the actual verification process upon email receipt.The issue points to a deeper problem than just DNS setup.

04 Oct 2020 - Spiceworks Community

What the experts say

Email deliverability experts highlight that DKIM body hash verification failures typically stem from message alterations in transit or fundamental issues with the DKIM signer itself. They stress the importance of understanding the nuances of how different mail systems, particularly Microsoft's, handle email encoding and canonicalization, which can often lead to discrepancies in hash calculation.

Expert view

Expert from Email Geeks suggests that if an email passes DKIM verification at Gmail but fails at Outlook, it's likely due to a problem with text encoding in the message. They elaborate that Microsoft's system may have difficulty with the body hash calculation because of how it processes the encoding.The solution, they indicate, involves changing the encoding performed by the outbound MTA, though the exact technical steps are outside their direct expertise, suggesting it's a task for system administrators.

18 Nov 2022 - Email Geeks

Expert view

Expert from Word to the Wise explains that a "body hash did not verify" error means the recipient server could not recreate the body hash using the public key from DNS. This can occur if the email was signed incorrectly, modified in transit by a forwarding system, or if there's a discrepancy in how encoding is handled between the sending and receiving systems.They emphasize that encoding differences are more probable than initial signing errors or in-transit modifications in the case of Microsoft's systems, due to their specific parsing behaviors.

16 Nov 2022 - Word to the Wise

What the documentation says

Official documentation and technical guides emphasize that DKIM body hash verification failures typically occur when the computed hash of the email body at the recipient's end does not match the hash included in the DKIM-Signature header. This is a direct indication of content integrity compromise or a canonicalization mismatch. Understanding the precise steps of DKIM signing and verification, as well as potential intermediate modifications, is crucial for diagnosis.

Technical article

Documentation from Itechtics recommends checking if correct DKIM records exist and are properly configured in DNS. It emphasizes verifying that MTA-STS (Mail Transfer Agent Strict Transport Security) is also set up, and that email forwarders or gateway configurations are not interfering with the email's integrity.These are crucial steps for resolving DKIM body hash issues.

29 Dec 2020 - Itechtics

Technical article

Documentation from MyEmailVerifier Blog advises a thorough check of the DNS setup for accuracy and currency when a DKIM signature verification fails. It suggests investigating any DNS service disruptions, or damaged or removed linked DKIM DNS resource records.The stability and correctness of DNS are paramount for DKIM.

25 Jul 2024 - MyEmailVerifier Blog

12 resources

Start improving your email deliverability today

Get started