Generating and maintaining an error-free DKIM record with proper configurations for uncompromised email security is important. Else you might come across errors like “DKIM none message not signed”, etc.

This blog explores ways to fix “DKIM none message not signed,” which might be caused due to multiple reasons, including a misconfigured or invalid or missing public key in your DNS. As a domain administrator, you must ensure your DKIM public and private keys match and are configured properly. There are more potential reasons causing this error; let’s know what they are and how to fix them for optimum email authentication.

Possible Reasons for “DKIM none message not signed” and How to Fix Them?

1. DNS Not Hosted Locally

It’s advised to host DNS locally to have better control over your network and for proper DKIM configuration. It also enables you to centralize DKIM settings across the network stack.

Follow these steps to fix it:

Get a static IP address of your domain.
Install DNS server software. A few options available are BIND, Microsoft DNS, and dnsmasq.
Configure the DNS server software with the appropriate settings, such as the domain name you want to use and any subdomains or zones you want to create.
Create DNS records for your domain and subdomains, such as A records for IP addresses and MX records for email servers.
If everything is working correctly, you can update the DNS settings on your domain registrar’s website to point to your home DNS server.

2. DKIM Configuration Errors

Syntactical and configuration errors in your DKIM record cause DKIM failures. You can set your record by following these steps.

Choose a DKIM Selector.
Generate a pair of public and private DKIM keys.
Use DKIM TXT record to publish a selector and publish the public key.
Tokenize all the outbound emails for your domain.

Ensure that DKIM public key record is correctly published in the DNS. It’s suggested to copy-paste it instead of manually typing it, as it’s a combination of numbers, special characters, and both uppercase and lowercase letters. Other than this, you must avert the practice of widespread key sharing as simplified and sorted configuration of shared keys is a vulnerability that hackers can take advantage of.

Also, validate the header of all outgoing emails; it should look like the following:

DKIM Not Enabled in Email Settings

To perform cryptography-based authentication checks, you need to enable DKIM in email settings. This way, the domain will attach special headers with every email sent from your domain containing a private key. This key will be matched with the publicly available key to verify the senders’ authenticity. This also ensures that no malicious entity tampered with your messages’ content in transit.

Enabling DKIM in Gmail or Google Workspace

Here’s how you can enable DKIM in email settings in your Google Admin Console:

Generate DKIM record.
Add the TXT record name & DKIM key to your domain.
Sign in to your Google Admin Console and go to Menu > Apps > Google Workspace > Gmail.
Click on Authenticate email.
Go to the Selected Domain menu and select the domain for which you want to enable DKIM.
Click on the Start authentication button. Wait for a while, your DKIM setup will get completed, and the status at the top of the page will read- Authenticating email with DKIM.

Once done, verify if DKIM authentication is on by following these steps:

Send a test email to yourself or someone who is a Gmail or Google Workspace user.
Open the email and observe the entire message header. Look for Authenticate- Results. You will see either DKIM=pass or DKIM=OK.

If the email header doesn’t include a statement about DKIM, it means messages sent from your domain aren’t signed with DKIM. iInthis case, verify all the steps or reach out to an expert. You can use our email header analyzer tool for a detailed and quick analysis.

Enabling DKIM in Microsoft Office 365

Here’s how you can enable DKIM in email settings for Microsoft Office 365:

First, sign in to Office 365 portal.
Go to the app launcher icon in the upper-left corner and click Admin.
See the lower-left navigation bar, go to Admin, and choose Exchange.
Go to Protection and click on DKIM.
Choose the domain for which you want to enable DKIM, followed by choosing Enable to allow signing messages for the chosen domain with DKIM signatures.
Follow the same steps to enable DKIM for each custom domain.

4. Missing Record

When you come across the “No DKIM record found” error, it means your domain has failed to configure to DKIM email authentication standards. To get rid of this prompt, you need to configure DKIM for your domain by publishing a DNS TXT record using our DKIM record generator that can instantly produce a record with the correct syntax.

Here’s what you need to do:

Choose your DKIM selector (e.g: selector1)
Type or paste your domain name (e.g. exampledomain.com).
Next, click on Generate DKIM record.
You will receive a private key that you need to enter in your DKIM signer.
Next, you will receive the generated DKIM record with your public key.

If you’re still facing issues in resolving “DKIM none message not signed”, contact us for immediate assistance with your email authentication practices.

About
Latest Posts

Yunes Tarada

Domain & Email Security Expert at PowerDMARC

Yunes is an Operations Team Lead at PowerDMARC with expert knowledge in email authentication and security. Yunes is a Microsoft-certified Azure Administrator Associate with certifications in CompTIA A+ and many more.

Fix “DKIM none message not signed”- Troubleshooting Guide