Dkim= Fail

This topic has 5 replies, 3 voices, and was last updated 1 week, 1 day ago by Stefano.

Viewing 6 posts - 1 through 6 (of 6 total)

Author

Posts
June 19, 2025 at 8:45 am #345644

Frontnieuws
Participant

Many of my newsletters (17,000) bounce back to my editorial email with the following comment: Access denied, the sending domain does not meet the required authentication level. pf=Pass, Dkim= Fail, DMARC= Pass. Apparently, the newsletters are being rejected on the Dkim= Fail. How can I resolve this?

Thanks

June 19, 2025 at 9:16 am #345647

Michael
Keymaster

Hello,

did you correctly setup DKIM on your domain?

Thanks,
Michael

June 19, 2025 at 5:51 pm #345674

Frontnieuws
Participant

Thank you for your response.

I copied the DKIM exactly as indicated in the DreamHost panel (and entered it in the Cloudflare DNS settings):

“v=DMARC1; p=quarantine; fo=1; rua=mailto:0ebf045ffd7547dc8e2d634c62fd2a6b@dmarc-reports.cloudflare.net,mailto:dmarc_agg@frontnieuws.com; ruf=mailto:dmarc_forensic@frontnieuws.com; pct=100”

Previously, there was no problem, but for the past 4 days, about a third of the newsletters have been bouncing back.

June 24, 2025 at 3:19 pm #345822

Michael
Keymaster

Hello,

please run a test from here with the address you’re sending with: https://www.mail-tester.com/ and share the results.

Michael

June 25, 2025 at 1:03 pm #345883

Stefano
Keymaster

Hi, since the DKIM is a technical signature added to the email to certify the sender and a DKIM record should be added to the DNS to verify that signature, it could be that you have in place the DKIM at all. The signature is usually applied by the service delivering the email (not the plugin that uses the service to send it).

The DMARC is a set of rules used by who receive email from your address and they state how to deal with those email. For example,the DMARC default states the receiver should “quarantine” email from your address that does not pass the DKIM check or the SPF check.

I don’t think there is a way to set the dmarc to ignore the dkim check, it can only be set to “relaxed”. Then it is the receiver that decides how to deal with the email, maybe using other signals.

Ask the provider if they support the dkim signature and they’ll give you the dkim record to add to the DNS (that is the standard procedure when using a delivery service like Amazon, SMTP2Go, Sendgrid and so on).

June 25, 2025 at 1:47 pm #345887

Stefano
Keymaster

Moreover, you can possibly change the reporting of the DMARC only if the SPF fails:

https://datatracker.ietf.org/doc/html/rfc7489#page-16
Author

Posts

Check out our premium plans with priority support.

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

Customers' Reviews

Fantastic… and free !

Jori

I was searching for an alternative to my paid newsletter plugin. I found it, and it's even better !
Perfect solution

piper2412

The Newsletter plugin is the perfect solution for me as an author. It was very easy to set up, and they gave great support when I had a question, too! It integrates really well with SendInBlue for transactional emails. A big thumbs up.
impressed

twohills

I paid for the Pro option. Its powerful, yet very helpful. lots of checks and prompts.