DKIM fail – Invalid public key

So I had just implemented DomainKeys Identified Mail (DKIM) on a Postfix server and was confident that the signing process was correct, but on testing, the recipient’s SMTP server insisted that the message had failed authentication due to an invalid public key.

After inspecting the DKIM implementation on my Postfix server, I proceeded to query the TXT record containing the public key to verify that it was correct:

dig -t txt selector._domainkey.domain.tld

The response to my DNS query showed that the public key was indeed the culprit: a large chunk of it was missing. The cause of the problem turned out to be that the DNS provider was limiting their TXT record fields to 255 characters, which obviously wouldn’t fit the 2048-bit domain key I was using.

I changed my DKIM implementation to use 1024-bit keys instead, waited for the DNS TTL (Time To Live) to expire and sent another test mail. This time around everything turned out as expected and the DKIM signature was valid.
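As an added example (not the author's code), here is a stdlib-only Python check for the failure described above: it joins a selector's TXT strings (a TXT record may be published as several strings of at most 255 bytes, which resolvers concatenate), base64-decodes the p= tag and walks the DER just far enough to report the RSA modulus size, so a record cut off at 255 characters is flagged instead of being silently shortened. make_spki builds a constructed, non-real test key only to produce sample records; a 2048-bit key encodes to 392 base64 characters, which together with the v= and k= tags cannot fit into a single 255-byte string.

```python
import base64

def _der(tag, content):  # DER TLV encoder with minimal (DER-compliant) length encoding
    n = len(content)
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    lenb = bytes([n]) if n < 0x80 else bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + lenb + content

def _der_int(x):  # DER INTEGER; pad a zero byte so a set high bit is not read as negative
    b = x.to_bytes((x.bit_length() + 7) // 8, "big")
    return _der(0x02, b if b[0] < 0x80 else b"\x00" + b)

def make_spki(modulus, exponent=65537):  # rsaEncryption SubjectPublicKeyInfo, as carried in p=
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # OID 1.2.840.113549.1.1.1 + NULL
    key = _der(0x30, _der_int(modulus) + _der_int(exponent))
    return _der(0x30, alg + _der(0x03, b"\x00" + key))

def dkim_txt_value(spki):  # the TXT text a DKIM selector publishes for this (constructed) key
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

def _tlv(buf, pos):  # (tag, content_start, content_end) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of data")
    return tag, pos, pos + length

def rsa_modulus_bits(spki):  # walk SubjectPublicKeyInfo down to the RSA modulus
    _, pos, _ = _tlv(spki, 0)          # outer SEQUENCE
    _, _, alg_end = _tlv(spki, pos)    # AlgorithmIdentifier, skipped
    _, pos, _ = _tlv(spki, alg_end)    # BIT STRING; first content byte is the unused-bit count
    _, pos, _ = _tlv(spki, pos + 1)    # RSAPublicKey SEQUENCE
    tag, pos, end = _tlv(spki, pos)    # INTEGER modulus
    if tag != 0x02:
        raise ValueError("expected INTEGER modulus")
    return int.from_bytes(spki[pos:end], "big").bit_length()

def parse_dkim_txt(strings):  # join the record's character-strings (<=255 bytes each), split tags
    parts = (p.partition("=") for p in "".join(strings).split(";") if p.strip())
    return {k.strip(): "".join(v.split()) for k, _, v in parts}  # whitespace inside p= is allowed

def check_dkim_key(strings):  # (ok, message); ok only if p= is a complete RSA public key
    p = parse_dkim_txt(strings).get("p", "")
    try:
        bits = rsa_modulus_bits(base64.b64decode(p, validate=True))
    except (ValueError, IndexError) as exc:  # binascii.Error is a ValueError subclass
        return False, f"p= is not a complete RSA public key ({exc}); truncated TXT record?"
    return True, f"RSA-{bits} key ({len(p)} base64 chars)"
```

Pass check_dkim_key the quoted strings dig returns for the selector record, in order: a key published as several 255-byte strings joins cleanly, while one cut at 255 characters fails either the base64 padding check or the DER length check.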

Roger Comply