Symptoms
-
Outbound emails do not pass DKIM verification. The following can be found in source message on recipient side:
ARC-Authentication-Results: i=1;
dkim=fail -
Third party DKIM test services like http://dkimvalidator.com or https://www.mail-tester.com/ show the following in "Validating Signature" section:
result = fail
Details: bad RSA signature
Validating Signature
result = fail
Details: OpenSSL error: data too small for key size
Your DKIM signature is not valid
Cause
TXT record for default._domainkey.example.com. which is set in Plesk > domains > example.com > DNS Settings does not match with globally propagated DNS TXT record:
# dig +short TXT default._domainkey.example.com @203.0.113.2
"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQU111...
# dig +short TXT default._domainkey.example.com @8.8.8.8
"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4...
Resolution
Update the DNS TXT record default._domainkey.example.com:
- Log into Plesk
- Retrieve the value for the DNS TXT DKIM record at Domains > example.com > Mail Settings > How to configure external DNS
- Set the DNS record in external DNS server to the value retrieved in step 2. or contact DNS server owner to synchronize TXT accordingly
with