To avoid errors such as “DKIM none message not signed” you must generate and maintain an error-free DKIM record with proper configurations for uncompromised email security.
This blog explores ways to fix the error you get when your message is not signed with DKIM, which might be caused due to multiple reasons, including a misconfigured or invalid or missing public key in your DNS.
Key Takeaways
- The “DKIM none message not signed” error occurs when emails lack a valid DKIM signature, often due to configuration issues or missing records.
- Enabling DKIM in your email service settings ensures outgoing emails are properly signed and protected from tampering.
- Misconfigured DNS or syntax errors in the DKIM record are common causes of authentication failures and should be addressed promptly.
- Generating and publishing accurate DKIM TXT records in your DNS is essential for effective email authentication.
- Regularly verify DKIM functionality by checking email headers for pass or fail results to ensure your setup is working correctly.
Possible Reasons for “DKIM none message not signed” and How to Fix Them?
1. DNS Not Hosted Locally
It’s advised to host DNS locally to have better control over your network and for proper DKIM configuration. It also enables you to centralize DKIM settings across the network stack.
Follow these steps to fix it:
- Get a static IP address of your domain.
- Install DNS server software. A few options available are BIND, Microsoft DNS, and dnsmasq.
- Configure the DNS server software with the appropriate settings, such as the domain name you want to use and any subdomains or zones you want to create.
- Create DNS records for your domain and subdomains, such as A records for IP addresses and MX records for email servers.
- If everything is working correctly, you can update the DNS settings on your domain registrar’s website to point to your home DNS server.
2. DKIM Configuration Errors
Syntactical and configuration errors in your DKIM record cause DKIM failures. You can set your record by following these steps.
- Choose a DKIM Selector.
- Generate a pair of public and private DKIM keys.
- Use DKIM TXT record to publish a selector and publish the public key.
- Tokenize all the outbound emails for your domain.
Ensure that DKIM public key record is correctly published in the DNS. It’s suggested to copy-paste it instead of manually typing it, as it’s a combination of numbers, special characters, and both uppercase and lowercase letters. Other than this, to prevent a “DKIM none message not signed” error, you must avert the practice of widespread key sharing as simplified and sorted configuration of shared keys is a vulnerability that hackers can take advantage of.
Also, validate the header of all outgoing emails; it should look like the following:
Simplify DKIM with PowerDMARC!
3. DKIM Not Enabled in Email Settings
To perform cryptography-based authentication checks, you need to enable DKIM in email settings. This way, the domain will attach special headers with every email sent from your domain containing a private key. This key will be matched with the publicly available key to verify the senders’ authenticity. This also ensures that no malicious entity tampered with your messages’ content in transit.
Enabling DKIM in Gmail or Google Workspace
Here’s how you can enable DKIM in email settings in your Google Admin Console:
- Generate DKIM record.
- Add the TXT record name & DKIM key to your domain.
- Sign in to your Google Admin Console and go to Menu > Apps > Google Workspace > Gmail.
- Click on Authenticate email.
- Go to the Selected Domain menu and select the domain for which you want to enable DKIM.
- Click on the Start authentication button. Wait for a while, your DKIM setup will get completed, and the status at the top of the page will read- Authenticating email with DKIM.
Once done, verify if DKIM authentication is on by following these steps:
- Send a test email to yourself or someone who is a Gmail or Google Workspace user.
- Open the email and observe the entire message header. Look for Authenticate- Results. You will see either DKIM=pass or DKIM=OK.
If the email header doesn’t include a statement about DKIM, it means that the DKIM message was not signed. In this case, verify all the steps or reach out to an expert. You can use our email header analyzer tool for a detailed and quick analysis.
Enabling DKIM in Microsoft Office 365
Here’s how you can enable DKIM in email settings for Microsoft Office 365:
- First, sign in to Office 365 portal.
- Go to the app launcher icon in the upper-left corner and click Admin.
- See the lower-left navigation bar, go to Admin, and choose Exchange.
- Go to Protection and click on DKIM.
- Choose the domain for which you want to enable DKIM, followed by choosing Enable to allow signing messages for the chosen domain with DKIM signatures.
- Follow the same steps to enable DKIM for each custom domain.
4. Missing Record
When you come across the “No DKIM record found” error, it means your domain has failed to configure to DKIM email authentication standards. To get rid of this prompt, you need to configure DKIM for your domain by publishing a DNS TXT record using our DKIM record generator that can instantly produce a record with the correct syntax.
Here’s what you need to do:
- Choose your DKIM selector (e.g: selector1)
- Type or paste your domain name (e.g. exampledomain.com).
- Next, click on Generate DKIM record.
- You will receive a private key that you need to enter in your DKIM signer.
- Next, you will receive the generated DKIM record with your public key.
If you’re still facing issues in resolving “DKIM none message not signed”, contact us for immediate assistance with your email authentication practices.
- Yahoo Japan Recommends DMARC Adoption for Users in 2025 - January 17, 2025
- MikroTik Botnet Exploits SPF Misconfigurations to Spread Malware - January 17, 2025
- DMARC Unauthenticated Mail is Prohibited [SOLVED] - January 14, 2025