1

When I send emails to any yahoo account the authentication result shows the following:

YAHOO RESULT:

Received-SPF: pass (domain of anildagia.com designates 66.225.220.59 as permitted sender)

Authentication-Results: mta1130.mail.ne1.yahoo.com  from=anildagia.com; domainkeys=neutral (no sig);  from=anildagia.com; dkim=permerror (bad sig)

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
    d=anildagia.com; s=default; h=Content-Type:MIME-Version:Message-ID:Date:
    Subject:To:From:Reply-To; bh=NdValE+9fCd5OWbanfpwrpyHG+MCKgpGZWDUrOJ9gYM=; b=
    N7NSik1ycEgteLZA+iH8+c3xIuzvUStVJ93Zstizf4IqmrEE/puZD8PDFE9Pj3RpYvtRsaHa2um8Y
    DlanBQK6hrQdLHluL2euTShegyK4fDZm2GOXTG3DiZnl+YpSX+L2oviT0/rUnGghHMcDhcRY3uUvg
    ChzOp4sox10zTMUHmooMhkj21NUvJBHiDow0ZuFZbe7sNNGsgngzs9MndIWogC8jUOV7QplVRQ5gu
    3G0AHXQKlmHqTx4qJDWB1fAp/fM+zRlTYRtYI94D0qRZuyVcFEI/2CVlZMiKdb7ZKOTqIsAYaymj7
    dauxn7REgMHtD105QBvel7HovAFX2K92tw==;

The same emails when sent to gmail shows the authentication results as

GMAIL RESULT:

Received-SPF: pass (google.com: domain of info@anildagia.com designates 66.225.220.59 as permitted sender) client-ip=66.225.220.59;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of info@anildagia.com designates 66.225.220.59 as permitted sender) smtp.mailfrom=info@anildagia.com;
       dkim=fail header.i=@anildagia.com;
       dmarc=pass (p=NONE dis=NONE) header.from=anildagia.com
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
    d=anildagia.com; s=default; h=Content-Type:MIME-Version:Message-ID:Date:
    Subject:To:From:Reply-To; bh=4pgVRjubzhekogi5gZ0uqplAKzY4Q4iOELKxNvbHfTw=; b=
    U0hVfDCz9yi5yBngfRBnlTHy5hOiZfHZZbBujDts1tt9/BD/ftpiQFJrKyPJbBbbM+8IwIcMtpG7C
    4YL7IiaDBvOzW2gwe7sL4tiYqD5ZzmWjSpRqGwe4XxLnMpl5cp3ded8ArdI5hWMPhesBIAU/uSh+K
    QAhRzKYGxN76Quw6NK1KgGJv5bEduwjMusCGjhiBz6pvFivo+FZu3HHKzQeo5bCsZivjx82XpdHSZ
    /6FMB3TmI3l9gX0K9fLBULSOsZqkGOgGxRWkQN2kP6mosUJsIPwMVPrPYdyHE7jbST05rZjcue/3O
    jIertUN1ErVa+noRcMvWh3wAu6dcjRFYVA==;

Gmail is able to successfuly detect authentication but yahoo fails. Why is this happening?

I have the following records set in my DNS:

for SPF: TXT RECORD -> anildagia.com. -> "v=spf1 +a +mx +ip4:66.225.220.53 +ip4:66.225.220.59 ~all"

for DKIM policy record: TXT record -> _domainkey -> "t=y; o=~"

DKIM record:

TXT record -> default._domainkey -> "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2QltbwXteGiLiGdmZriW0zQigjs3ZIMQFZ/OcXrgHtcG3e88T5GWNBpIllbTnbS1+O2SO5qX2MUivRGBGebjdY2sDLnCzQ1Pcp5/FmZtFNg8+bjiRoW8WhDfVflSWYfUW8RtOdJTMoQiYCS8WurDVH/Qr5iAlFZm81hJD0v3QSwnAtCsW3WGSbIhvDP/zA3ke" yIWQK0akcQWiwB23sLJP3bloSW7V4oMJuFJ/F8pAMv52P4khrKX27mSyQLR32PIWI5Y8hZ08g/rs1BI2Gs278LYmsdxf7qnsuvljmjfkZtVps9p6Se/3S3bTpl7QNMViHZHlu9sCqNKvhcFOQIR5wIDAQAB\;

Apart from creating records in the DNS through CPANEL, I have very little knowledge of this. I can create records as specified.

Someone please help me what needs to be changed.

sebix
  • 4,403
Anil Dagia
  • 21
  • 1
  • 2

2 Answers2

2

Gmail is able to successfuly detect authentication but yahoo fails. Why is this happening?

That is not that is happening at all. Quote from the Gmail header you posted: ... dkim=fail header.i=@anildagia.com; dmarc=pass ....

As you can see both Gmail and Yahoo fail in verifying the DKIM signature. The only difference is that Gmail is also doing DMARC besides SPF and DKIM, which only requires either SPF or DKIM to pass.

As Paul Mc Auley already said in his answer, without more information it is hard to tell what exactly is going wrong with DKIM. All I can add to his answer is that it is probably better to test with a DKIM validator like https://www.port25.com/support/authentication-center/email-verification/, as they provide more feedback.

user228011
  • 226
1

Hard to tell without seeing the headers as they appear in the received messages, but I'd suggest comparing the original headers with the ones which arrive at GMail and Yahoo. Specifically, the ones named in the DKIM Header (Content-Type:MIME-Version:Message-ID:Date: Subject:To:From:Reply-To). You may wish to cut the headers signed down to the minimum and see if the behaviour changes.

Paul Mc Auley
  • 11
  • 1