Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Does DKIM work?

Since there's still a long standing issue with SPF verification not working, I was wondering about DKIM verification. Does it actually work reliably?

I'm seeing DKIM failures for certain messages from known senders with the reason "body hash mismatch" but I can't be certain if these are actual failures from the sender side or if ES is evaluating them wrong.

The messages are from known senders and not all messages from them are failing verification. Could be an issue on the sender side, I've seen similar issues with Office 365 as sender when their key rotation isn't working properly.

Another thing is that often outright DKIM failure doesn't seem to affect message evaluation much and spam is getting through even with failures.

Category: Email Security Appliances
Reply

Answers

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi @SonicAdmin80

    DKIM problems are way harder to debug than SPF, but in general I would say it works (until it got broken again). Did checked my log and DKIM failures are rare.

    This week I had a case where some mails from remote mail gateways got marked with a DKIM failure which was working without a problem before and after that events. This might be caused by the remote end through key rotation etc.

    But because of having not much faith in the DNS resolving on the ESA I cannot say for sure.

    --Michael@BWC

  • That's my feeling as well. I have some messages failing DKIM verification and others not from the same sender. So could be a key rotation issue but can't really be sure who to blame.

Sign In or Register to comment.