Resolved DKIM failure

[costas1]

I have enabled DKIM for my domain.

In Cloudflare I have the following DNS records

A [domain].org 198.91.81.12
TXT [domain].org v=spf1 ip4:198.91.80.251 -all
TXT x._domainkey v=DKIM1; k=rsa; p=[value]

When I check in Gmail SPF leads to a PASS, but DKIM to a FAIL.
By the way initially I had the content of the DKIM entry within quotation marks ( "v=DKIM1; k=rsa; p=[value]" ), but as the SPF entry seems to work without them, I also removed them by the DKIM one. It made no difference.
In both cases DKIM ends in failure.

 

[garrettroyce]

I asked another user a while ago if they got it working, but got no reply. This is as far as I've gone with troubleshooting it.

https://x10hosting.com/community/threads/not-secure.207809

 

[costas1]

I asked another user a while ago if they got it working, but got no reply. This is as far as I've gone with troubleshooting it.

https://x10hosting.com/community/threads/not-secure.207809

I don't receive the mails in spam folder, but when I check the original message SPF gives a PASS and DKIM a FAIL. I didn't see any suggestions specific to DKIM in the thread you mentioned, except if you mean Anna's recommendation about disabling proxying for POP and SMTP.

 

[garrettroyce]

You're right. I mixed up the SPF and DKIM. I know I answered one about DKIM not too long ago. Let me look for it.

Edit:
Looks like it also did not get resolved:

https://x10hosting.com/community/threads/invalid-dkim-due-to-tabs-inserted.207023/

With the current load of open issues, I don't think the admin team will get to this right away, but I will ask for it to be reviewed.

 

[Anna]

You're right. I mixed up the SPF and DKIM. I know I answered one about DKIM not too long ago. Let me look for it.

Edit:
Looks like it also did not get resolved:

https://x10hosting.com/community/threads/invalid-dkim-due-to-tabs-inserted.207023/

With the current load of open issues, I don't think the admin team will get to this right away, but I will ask for it to be reviewed.

The problem from that thread should be sorted, the DKIM of my free account works and validates properly (I did have to remove and re-add it however). If the DKIM is recently enabled it should not be affected by the problems that were there initially.

I do not have the free account routed through cloudflares name servers though, have you verified that you didn't miss a character when copying the records over?

 

[costas1]

I just enabled it yesterday. I disabled it once in the meanwhile and then re-enabled it. I copied it once again now from x10hosting's DNS settings to Cloudflare's DNS settings. No luck. Gmail says FAIL for the DKIM. SPF works fine.

Is it possible that this has to do with the MX entry, where I have x12.x10hosting.com as the mail server?

 

[Anna]

That should not affect it, as you could have any third party mail handler and would thus set the third partys designated hostnames for mx to relay mail on their service.

I'm not too familiar with DKIM settings in general, I have it enabled on my personal domains as well (though those are not hosted on x10 free service, they are on an x10 vps), and there I have it setup with cloudflare without hitch, the service I use did however set default._domainkey v=DKIM1; k=rsa; p=[value] while DA uses x._domainkey as the default option.

Google did when I tested accept both versions without issue though.

If you in CloudFlare click edit, does the top part list the key with the domain included? This is what the first part of the current looks when I click edit on cloudflare: default._domainkey.[domain].com, if not that could be a clue to the problem.

 

[costas1]

Yes the "x._domainkey" are subdomains of my domain in Cloudflare's settings. Do you use quotation marks in your settings or not?

 

[Anna]

I do not have quotation marks.

I had DKIM set before switching to CloudFlare though, so they did automatically grab the proper records from the previous name servers, not sure if that makes any difference.

The p=[content] ends with a ; though, it is not clear from your initial post if it does in your case. I see that DA that has them in quotations does not have that last ; so might be that part you are missing, probably added automatically on the actual x10 name servers as DA only acts as the API for it in reality, since it does work for my free test account here.

 

[costas1]

I just added the trailing ";" in Cloudflare's TXT DKIM entry. No difference. My initial entry didn't have it, because I had copied it from x10hosting's DNS settings where there was no trailing ";", but as I said no difference.

 

[Anna]

I do see something odd when I do a dig now (I didn't get anything earlier), and it looks like the copy/paste may have inserted some extra characters, you might want to make sure the paste is done without any formatting (in chrome I have the option when I rightclick to "Paste without formatting"). It might work better if the copy is done from the popup for editing the record in DA, but still I'd make sure to paste with no format.

It might look right on cloudflares user interface, but there's some unicode chars that add up to: ZERO WIDTH SPACE

 

[Anna]

When I dig specifically on our name servers (where it would still be added but they are not queried on domain lookup), the record looks as it would be expected to, so there's definitely something going on with the copy and paste part of getting the records over to CloudFlare.

 

[costas1]

I selected and copied it without hitting the edit button. I will give it a try from the popup this time. (By the way, I also copied it to Notepad++, but it didn't show any non printable characters.)

 

[costas1]

OK. That solved it. I copied it from the popup, after hitting edit and it worked! I'm not sure I can see any difference, since Notepad++ didn't reveal any special characters, when I copied the text directly from the webpage, but I guess that's not that important!

Thanks for the support!

 

[garrettroyce]

In Notepad++ there's a button to print everything; even spaces and newlines have a visual graphic. I've found vertical tabs and other strange things before. I'm not sure if you're using that (sounds like you are), but just in case

https://stackoverflow.com/questions/767545/does-notepad-show-all-hidden-characters

By default, I think it only shows some control characters, but not everything.

 

[costas1]

In Notepad++ there's a button to print everything; even spaces and newlines have a visual graphic. I've found vertical tabs and other strange things before. I'm not sure if you're using that (sounds like you are), but just in case

https://stackoverflow.com/questions/767545/does-notepad-show-all-hidden-characters

By default, I think it only shows some control characters, but not everything.

View > Show Symbol > Show All Characters
That's what I enabled. I didn't see anything. The whole text was pasted in a single line and had to scroll horizontally to reach the end.
Maybe, it wasn't something added, but something missing... Anyway, everything is fine now. Next time I will hit edit, before copying anything.

 

[garrettroyce]

Hm. Did you copy, paste in Notepad++, copy from Notepad++, then paste in CloudFlare? Or, did you copy and paste into both?

I've seen the clipboard carry HTML formatting along with the text, but depending on the context, will only paste the text in some places, and HTML in others. If it's trying to paste plain text in Notepad++, but HTML or RTF into CloudFlare, it could get weird.

Glad it's working though. Anna sniffed it out right away too.

 

[costas1]

I copied from DA and pasted to Cloudflare and to Notepad++ independently. As I didn't see anything weird in Notepad++, I assumed that it would be the same for Cloudlfare, but judging from the result it certainly wasn't.

 

[garrettroyce]

Good to know. At least we have something to say to people with the same issue. It would be nice if they didn't put all the junk in there, so this wouldn't happen, or put a "copy" button that uses JS to copy the text to the clipboard, but these are the things you don't think of until someone actually has a problem.

 

[costas1]

It's impossible to prevent or foresee everything. I used Notepad++ as a way to crosscheck the text I had copied, but it didn't work either, so trial and error is also another approach.