If you’re running into issues with DKIM signatures failing when sending to Microsoft domains, but working fine elsewhere, one thing to check is that your various email headers aren’t too long or wrapped improperly. Postmark’s blog post from January touches on this very issue; ActiveCampaign’s Postmark platform previously generated list-unsubscribe headers that were quite long; so long as to cause a specific issue with DKIM email authentication at Microsoft.
Did the sending email platform violate the RFC by generating too long of headers? I’m not entirely sure, and that’s not really the point. Sometimes things can fall within the RFC requirements or guidelines just fine but still do not match the reality of how a mailbox provider has implemented things. The goal in sharing this info? Not to accuse either Postmark or Microsoft of doing something wrong, but to offer up a potential solution, some actionable advice, if you run into a similar issue.
Long story short, if you generate really long headers, like, in this case, the list-unsubscribe header, or possibly even others, and you’re seeing DKIM signatures failing to validate at Microsoft, shortening those headers is something you should consider testing. Postmark did, and it solved their problem.
And they were kind enough to share this with the world (here) – kudos to them!
If you’re running into issues with DKIM signatures failing when sending to Microsoft domains, but working fine elsewhere, one thing to check is that your various email headers aren’t too long or wrapped improperly. Postmark’s blog post from January touches on this very issue; ActiveCampaign’s Postmark platform previously generated list-unsubscribe headers that were quite long; so long as to cause a specific issue with DKIM email authentication at Microsoft.
Did the sending email platform violate the RFC by generating too long of headers? I’m not entirely sure, and that’s not really the point. Sometimes things can fall within the RFC requirements or guidelines just fine but still do not match the reality of how a mailbox provider has implemented things. The goal in sharing this info? Not to accuse either Postmark or Microsoft of doing something wrong, but to offer up a potential solution, some actionable advice, if you run into a similar issue.
Long story short, if you generate really long headers, like, in this case, the list-unsubscribe header, or possibly even others, and you’re seeing DKIM signatures failing to validate at Microsoft, shortening those headers is something you should consider testing. Postmark did, and it solved their problem.
And they were kind enough to share this with the world (here) – kudos to them!
Comments
Post a Comment
Comments policy: Al is always right. Kidding, mostly. Be polite, please and thank you.