• Log In
  • Sign Up
  • Contact Us
PowerDMARC
  • Features
    • PowerDMARC
    • Hosted DKIM
    • PowerSPF
    • PowerBIMI
    • PowerMTA-STS
    • PowerTLS-RPT
    • PowerAlerts
    • Reputation Monitoring
  • Services
    • Deployment Services
    • Managed Services
    • Support Services
    • Service Benefits
  • Pricing
  • Power Toolbox
  • Partners
    • Reseller Program
    • MSSP Program
    • Technology Partners
    • Industry Partners
    • Become a Partner
  • Resources
    • DMARC: What is it and How does it Work?
    • Datasheets
    • Case Studies
    • Blog
    • DMARC Training
    • DMARC in Your Country
    • DMARC by Industry
    • Support
  • About
    • Our company
    • Clients
    • Contact us
    • Book a demo
    • Events
  • Menu Menu

How to fix DKIM Permerror?

Blogs
What is DKIM Permerror 01

DKIM Permerror or DKIM permanent error can be a result of a failed DKIM verification due to missing header fields. Note that once the DKIM Permerror result is returned, unless the sender undergoes troubleshooting, future verification attempts on the same message will also fail. DKIM issues can lead to failures in email delivery if your DMARC settings are at p=reject. 

What is DKIM Permerror? 

DKIM Permerror is a common error that can occur when you’re setting up DKIM (Domain Keys Identified Mail) in your email program. It may look something like this: 

dkim permerror

DKIM is a security feature that allows you to digitally sign messages with a private key, and then verify the authenticity of those messages by using your public key. It’s often used with SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance) to make sure that only mail from authorized senders is delivered to recipients’ inboxes. 

The reason you’re receiving this error is that some steps are missing from your setup process. Most often, this happens because you haven’t properly configured your DNS settings or have missed an important step in the configuration process. You may have also entered an erroneous DKIM string to contribute to this result. 

If you receive this error while setting up DKIM, don’t worry! We’ve got all of our best tips and tricks right here to help you get past it fast.

Possible Reasons for DKIM Permerror

  • DKIM Signature Missing Header Fields

A DKIM signature header is a way to verify the authenticity of an email message. It’s a security measure that ensures emails are coming from the correct source. A DKIM signature header is a digital signature created by the sender and added to a message. The receiver can then compare this digital signature with the one they generated themselves to ensure that the email was sent by the correct person or organization.

Mandatory fields:

v= The version of DKIM in use (value=1)

d= the sender’s domain name 

a= This field denotes the key algorithm used to generate the signature with values: rsa-sha256 (for enhanced protection) or rsa-sha1 (for unsupported servers)

s= DKIM selector (an alphanumeric value that may range between 1028 and 2048 bits) to locate the public key in the sender’s DNS.

h= the list of headers that are used in the signing algorithm to compute a hash data of message headers that would be defined in the b=tag.

b= the computed hash data of the message headers that are encoded in a special MIME content transfer encoding called Base64. 

bh= the computed hash value of the message body. This field contains an arbitrary string of alphanumeric variables that are generated using the signing algorithm.

If any of these mandatory fields are missing in the DKIM signing header, it will lead to DKIM Permerror. 

  • Erroneous DKIM string

Making sure that your DKIM DNS record is error-free is important in ensuring that you don’t end up with DKIM permanent error or DKIM Permerror result. If your DNS settings are controlled by a remote nameserver, you must get in touch with your DNS provider to access the DNS on the remote server and relay changes to configure the correct syntax. 

  • Using Spam Appliances

Your spam filters can override DKIM authentication settings on the receiver’s side. This is because spam filters are usually the last line of defense. When your receiver checks the server for the signature it is essentially checking the last server through which the message was relayed i.e. your spam appliance. The absence of DKIM keys there will lead to DKIM Permerror. 

Troubleshooting DKIM Check: Permerror Result

  1. Create a DKIM record using a DKIM record generator tool – manual implementations are prone to human error. Using an online tool can help you get accurate results. 
  2. Check your configured DKIM record using a DKIM lookup tool – To stay on top of DKIM Permerror, periodically check your record syntax to make sure it is valid and functional. 
  3. If you are coming across this error when using Microsoft O365 or any other third party to send emails and also have your spam appliance in place, it may be a result of your spam filters overriding your Office 365 DKIM policy. Make sure DKIM is enabled on both your spam appliance (which is your last line of defense) as well your email vendor’s DNS to resolve DKIM Permerror. 

dkim permerror

  • About
  • Latest Posts
Ahona Rudra
Digital Marketing & Content Writer Manager at PowerDMARC
Ahona works as a Digital Marketing and Content Writer Manager at PowerDMARC. She is a passionate writer, blogger, and marketing specialist in cybersecurity and information technology.
Latest posts by Ahona Rudra (see all)
  • Google Includes ARC in 2024 Email Sender Guidelines - December 8, 2023
  • Web Security 101 – Best Practices and Solutions - November 29, 2023
  • What is Email Encryption and What are its Various Types? - November 29, 2023
December 16, 2022/by Ahona Rudra
Tags: dkim check: permerror, dkim permanent error, dkim permerror, dkim permerror result, dkim signature missing header fields, how to fix dkim permerror, what is dkim permerror
Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on Twitter
  • Share on WhatsApp
  • Share on LinkedIn
  • Share by Mail

Secure Your Email

Stop Email Spoofing and Improve Email Deliverability

15-day Free trial!


Categories

  • Blogs
  • News
  • Press Releases

Latest Blogs

  • Google ARC
    Google Includes ARC in 2024 Email Sender GuidelinesDecember 8, 2023 - 11:55 am
  • Web Security 101 - Best Practices and Solutions
    Web Security 101 – Best Practices and SolutionsNovember 29, 2023 - 4:52 pm
  • What-is-Email-Encryption-and-What-are-its-Various-Types
    What is Email Encryption and What are its Various Types?November 29, 2023 - 12:39 pm
  • mta sts blog
    What is MTA-STS? Setup the Right MTA STS PolicyNovember 25, 2023 - 3:02 pm
logo footer powerdmarc
SOC2 GDPR PowerDMARC GDPR comliant crown commercial service
global cyber alliance certified powerdmarc csa

Knowledge

What is Email Authentication?
What is DMARC?
What is DMARC Policy?
What is SPF?
What is DKIM?
What is BIMI?
What is MTA-STS?
What is TLS-RPT?
What is RUA?
What is RUF?
AntiSpam vs DMARC
DMARC Alignment
DMARC Compliance
DMARC Enforcement
BIMI Implementation Guide
Permerror
MTA-STS & TLS-RPT Implementation Guide

Tools

Free DMARC Record Generator
Free DMARC Record Checker
Free SPF Record Generator
Free SPF Record Lookup
Free DKIM Record Generator
Free DKIM Record Lookup
Free BIMI Record Generator
Free BIMI Record Lookup
Free FCrDNS Record Lookup
Free TLS-RPT Record Checker
Free MTA-STS Record Checker
Free TLS-RPT Record Generator

Product

Product Tour
Features
PowerSPF
PowerBIMI
PowerMTA-STS
PowerTLS-RPT
PowerAlerts
Reputation Monitoring
API Documentation
Managed Services
Email Spoofing Protection
Brand Protection
Anti Phishing
DMARC for Office365
DMARC for Google Mail GSuite
DMARC for Zimbra
Free DMARC Training

Try Us

Contact Us
Free Trial
Book Demo
Partnership
Pricing
FAQ
Support
Blog
Events
Feature Request
Change Log
System Status

  • Français
  • Dansk
  • Nederlands
  • Deutsch
  • Русский
  • Polski
  • Español
  • Italiano
  • 日本語
  • 中文 (简体)
  • Português
  • Norsk
  • Svenska
  • 한국어
© PowerDMARC is a registered trademark.
  • Twitter
  • Youtube
  • LinkedIn
  • Facebook
  • Instagram
  • Contact us
  • Terms & Conditions
  • Privacy Policy
  • Cookie Policy
  • Security Policy
  • Compliance
  • GDPR Notice
  • Sitemap
How does Microsoft 365 handle inbound emails failing DMARC?How does Microsoft 365 handle inbound emails failing DMARCDKIM Selector2 Not Working for Microsoft 365 Domain 01DKIM Selector2 Not Working for Microsoft 365 Domain
Scroll to top