Re: DKIM implementation issue

From: Murray S. Kucherawy <>
Date: Thu, 24 Jan 2013 11:26:18 -0800 (PST)

In addition to the other advice and comments so far:

On Thu, 24 Jan 2013, L.W. van Braam van Vloten wrote:
> I have followed the instructions at
> ix/, where:
> My selector is "list"
> My domain name is ""
> I have added the following records to my DNS "" zonefile:
> _domainkey.list          IN TXT     "t=n;o=~"

This is an old-style DomainKeys record, both in terms of its name and its
content. It is not used by DKIM. This leads me to believe the
instructions and steps you've followed are a bit of a mixture of valid and
outdated instructions.

> list._domainkey.list       IN TXT     "g=*; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRIUfe6fct5L75N0M2SOLVUE16THGX62egUTS
> j8mzi8uFjO6+ZuI9F8G7sIaHhHQ6RITrqYvH7cNxU2VWhqV9UobEs3ZecCkzThDewdloUmZ0oOkHG
> mE6zlNnodRcbfP+1VxMNC2KTHhSc8ONk3hlYuI6zyTxkU68Kg7kpajNXjQIDAQAB"

This means you'll be signing mail with a selector of "list" and a domain
name of "list.<your-domain-here>". Is that correct?

> Mail sent to an address contains the following header:
> DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;;
> s=list.private; t=1359040840;
> bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
> h=Date:From:To:Subject:Message-ID:MIME-Version:Content-Type:
> Content-Transfer-Encoding;
> b=aGYNtCgjRv45NOT+lR2r+PpzeBmSthzDKLiG7XIig//N2qpUxFEmUmscOoeYhr7Bm
> uIxaL5dA0KcArlEheEIL66Yfx+Z5Zggdz5cSBMnjmFXyULgramQExWn1y8sSjdw1Xm
> zZsr9UHvt2ZQ/O+Xn1yPc8cnXRyOA/fy52xMCaBM=

A verifier looking at this will be trying to find a record at Is that what you intended?

> The test at says: "This is a valid DKIM key
> record"
> However this does not work properly:
> - When I test "" at
> gives me the result:
> "This selector is in error: Tag 'p': Invalid public key has no modulus"

Then your selector configuration is in error (it should just be "list").

> - mail sent from my server to an address contains the header:
> Authentication-Results:;
> domainkeys=neutral (no sig);; dkim=permerror (no key)

That matches what I said above.

Received on Thu Jan 24 2013 - 19:26:42 PST
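
The lookup discussed in this message, as an added example that is not part of the original post or of any DKIM implementation: it derives the DNS name a verifier queries from the signature's `s=` and `d=` tags and compares it with the names the zone publishes. The domain `example.org`, the `d=` value, the shortened `h=` list, the function names and the key/signature placeholders are assumptions, since the real values are elided on the page.

```python
import re

def parse_tags(value):
    """Parse a DKIM tag=value list (RFC 6376, section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            # Whitespace inside values (folded b=, bh=, h=) is not significant here.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def key_query_name(signature):
    """DNS name a verifier queries for the public key: <s>._domainkey.<d>."""
    tags = parse_tags(signature)
    return f"{tags['s']}._domainkey.{tags['d']}".lower()

def expand_owner(owner, origin):
    """Expand a zone-file owner name; names without a trailing dot are relative."""
    return (owner[:-1] if owner.endswith(".") else f"{owner}.{origin}").lower()

def diagnose(signature, zone_txt, origin):
    """Compare the name the verifier will query with the names the zone publishes."""
    want = key_query_name(signature)
    published = {expand_owner(o, origin): parse_tags(t) for o, t in zone_txt.items()}
    return {
        "query": want,
        # A usable key record exists at the queried name and has a non-empty p= tag.
        "key_found": bool(published.get(want, {}).get("p")),
        # Key records that exist, but possibly under a different selector or domain.
        "key_records": sorted(n for n in published if "._domainkey." in n),
        # Names starting with _domainkey are DomainKeys policy records, unused by DKIM.
        "legacy_domainkeys": sorted(n for n in published if n.startswith("_domainkey.")),
    }

# Constructed sample data: example.org stands in for the domain elided on the page,
# and the p= / bh= / b= values are placeholders, not real key or signature material.
ORIGIN = "example.org"
ZONE_TXT = {
    "_domainkey.list": "t=n;o=~",
    "list._domainkey.list": "g=*; k=rsa;p=PLACEHOLDERKEY",
}
SIGNATURE = ("v=1; a=rsa-sha256; c=simple/simple; d=example.org; s=list.private; "
             "t=1359040840; bh=PLACEHOLDER; h=Date:From:To:Subject; b=PLACEHOLDER")

if __name__ == "__main__":
    for field, value in diagnose(SIGNATURE, ZONE_TXT, ORIGIN).items():
        print(f"{field}: {value}")
```

With the sample data the queried name and the published key record differ in both the selector part and the domain part, which is the situation a verifier reports as "no key".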
