DKIM Signature not validating when sending mail with PHP

Asked 30/7, 2012 at 18:54 Answered 9/2, 2016 at 19:22

I was having a problem with gmail/hotmail filtering emails from my server as spam. The Spam Assassin score is quite low so I know that my IP isn't on any blacklists or such which means it is the filtering that gmail/hotmail use stopping the emails from coming through.

I did some research and read that using DKIM will possibly resolve the issues I am having. I went ahead and enabled DKIM on my server. Now when I send emails using my email client the tool located here (http://www.brandonchecketts.com/emailtest.php) reports the DKIM signature as valid.

The next step was to implement a DKIM signature into my PHP mails. So I went ahead and used this DKIM class located here (http://sourceforge.net/projects/dkim-class-php/) which is a spin-off of PHPMailer.

However, when I send emails now, despite containing a DKIM signature I am getting a strange error from the validation tool.

result = fail
Details: message has been altered

You can see the full report here: http://www.brandonchecketts.com/emailtest.php?email=K86KTXpMbl%40www.brandonchecketts.com

Thanks for any help, I am desperately trying to get this working and have been banging my head against a wall for several hours now.

Ginglymus answered 30/7, 2012 at 18:54 Comment(3)

You appear to be signing the from and subject headers (plus the body). You should check that no mail servers between you and the test program alter those headers or the body contents. The issue could also be that the DKIM signer class is buggy or using the wrong key. – Roomette 30/7, 2012 at 18:59

How do I check that no mail servers are altering the body contents? Also the key is definitely correct, just double checked it. – Ginglymus 30/7, 2012 at 19:7

Examine the message you sent and the message the test program says it received. Ensure they're identical in the places that are signed. – Roomette 30/7, 2012 at 19:17

I gave an answer to this here : Setting up DomainKeys/DKIM in a PHP-based SMTP client

Basically what you need to ensure is that you supply all the headers that your MTA adds to your out-going email. Because different systems are configured differently, there is no one size fits all solution.

Look at the message source which has failed the the signing (and is giving the Message Altered error) to ascertain which headers were added. Typically your MTA will add the Message-ID and Date header (the Date header may also cause a low spam assasin score if it is missing, so you could as well include it!).

Another common mistake is that you alter the message yourself AFTER signing the message, so ensure no modifications are made in your code after you have signed your message.

After determining which headers were added, then you should add those headers yourself (and therefore over-ride the default behaviour of your MTA adding them) to the email before signing.

Felton answered 23/10, 2012 at 3:21 Comment(0)

I found strange behavior of php mail() + postfix with dkim:

If you make

$headers .= "From: USER <$from_email>\n";

DKIM will be incorrect, but if you do:

$headers .= "From: USER <" . $from_email . ">\n";

All OK! Strange. Very strange. Also users recommended to make

trim($emailContent)

Chiliasm answered 9/2, 2016 at 19:22 Comment(0)

Recommended topics

Hot tags