Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

DKIM Signature not validating when sending mail with PHP

Tags:

php

email

dkim

I was having a problem with gmail/hotmail filtering emails from my server as spam. The Spam Assassin score is quite low so I know that my IP isn't on any blacklists or such which means it is the filtering that gmail/hotmail use stopping the emails from coming through.

I did some research and read that using DKIM will possibly resolve the issues I am having. I went ahead and enabled DKIM on my server. Now when I send emails using my email client the tool located here (http://www.brandonchecketts.com/emailtest.php) reports the DKIM signature as valid.

The next step was to implement a DKIM signature into my PHP mails. So I went ahead and used this DKIM class located here (http://sourceforge.net/projects/dkim-class-php/) which is a spin-off of PHPMailer.

However, when I send emails now, despite containing a DKIM signature I am getting a strange error from the validation tool.

result = fail
Details: message has been altered

You can see the full report here: http://www.brandonchecketts.com/emailtest.php?email=K86KTXpMbl%40www.brandonchecketts.com

Thanks for any help, I am desperately trying to get this working and have been banging my head against a wall for several hours now.

like image 443
nmford Avatar asked Jul 30 '12 18:07

nmford


1 Answers

I gave an answer to this here : Setting up DomainKeys/DKIM in a PHP-based SMTP client

Basically what you need to ensure is that you supply all the headers that your MTA adds to your out-going email. Because different systems are configured differently, there is no one size fits all solution.

Look at the message source which has failed the the signing (and is giving the Message Altered error) to ascertain which headers were added. Typically your MTA will add the Message-ID and Date header (the Date header may also cause a low spam assasin score if it is missing, so you could as well include it!).

Another common mistake is that you alter the message yourself AFTER signing the message, so ensure no modifications are made in your code after you have signed your message.

After determining which headers were added, then you should add those headers yourself (and therefore over-ride the default behaviour of your MTA adding them) to the email before signing.

like image 81
Nepaluz Avatar answered Sep 28 '22 01:09

Nepaluz