Mailpoet’s DNS record invalid – empty DKIM1 key

  • Resolved kashmiri

    (@kashmiri)


    1 year, 11 months ago

    Just to note that one of the two Mailpoet’s DKIM records required for email deliverability is misconfigured (missing key).

    mailpoet1._domainkey.example.com is an alias to dkim1.sendingservice.net which has a corrupted content:

    "v=DKIM1;p=".

    There should be a 2048-bit public key after p=.

    The problem has been ongoing for at least a few weeks, possibly months.

    While the backup record (mailpoet2._domainkey.example.com aliasing to dkim2.sendingservice.net) appears correct, the corruption in the primary record may be responsible for some of the email failures reported on this forum.

    Only Mailpoet admins can fix it

    • This topic was modified 1 year, 11 months ago by kashmiri.
Viewing 3 replies - 1 through 3 (of 3 total)

  • Hi there @kashmiri,

    Thanks for reaching out!

    I passed the information you shared to our devs and I’ll get back to you once I hear from them.

    Cheers!

    Hello @kashmiri, thank you for taking the time to post about this.

    This is expected as the DKIM key mailpoet1 is actually a retired key (inactive). The only active key we’re using for DKIM signing, as of today, is mailpoet2.

    We are following the M3AAWG recommendation to retire inactive DKIM keys after rotation by setting the ‘p’ field to empty (‘…p=’). Therefore, any DKIM with an empty ‘p’ field indicates that the key was intentionally retired.

    Thank you, again, for bringing what you have considered an issue to our attention.

    Thread Starter kashmiri

    (@kashmiri)

    Hi @mhadidg, thanks for the explanation. My bad – coming from the Google Workspace environment, where there’s no automated or mandated key rotation, I wasn’t familiar with the practice.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Mailpoet’s DNS record invalid – empty DKIM1 key’ is closed to new replies.