DKIM Signature Invalid on mail-tester.com – CyberPanel [SOLUTION]
General fix: [SOLUTION]
No matter whether your domain is hosted on Cloudflare, GoDaddy, etc. this will work on all.
Quick fix (change TTL of default._domainkey to 600 seconds or less.)
default._domainkey is a DKIM TXT record value.
- DigitalOcean Droplet
- Rainloop Mailbox (comes with CyberPanel)
- Domain hosted in GoDaddy
DKIM signature invalid
DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message.
default._domainkey.domain.com – Copy the value and later we’ll modify it.
"v=DKIM1; h=sha256; k=rsa; " "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0pYyIwZbshTfop3LMiHFU7Hql9/qRHb2w/0eT2tPdoVZ8KaRNsbqmbNwt+emo+hSYj36m25r0s1MmWRwnOEWVSZOfhD0qUuKDyALNXT4wCa2uQKmkDP7Y5CLo9AEdCyctliYpjcII2cLqGZJ0+TEcJUdOObLAdzsqGxjKwcb43jcuMgx6jVAFQecCXlHZeD9y6yGQ8pFtFHt2" "c4zD1/0sBJPb1COvOosEmZ7CBa5bKHRe+tPgrdyP6WYgfmVnN0k0RfFxnVdFpgO+QhyR+GzhvCtjiP6qJtIwlG0rXSUBzqE/6BL0oDYKVXDYxBzrekkTcgOEuCIb6SxU672orkCQIDAQAB"
So, you need to remove the 6 quotation marks ” “ manually depending on your domain host.
e.g and the final result must be like the below.
v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0pYyIwZbshTfop3LMiHFU7Hql9/qRHb2w/0eT2tPdoVZ8KaRNsbqmbNwt+emo+hSYj36m25r0s1MmWRwnOEWVSZOfhD0qUuKDyALNXT4wCa2uQKmkDP7Y5CLo9AEdCyctliYpjcII2cLqGZJ0+TEcJUdOObLAdzsqGxjKwcb43jcuMgx6jVAFQecCXlHZeD9y6yGQ8pFtFHt2 c4zD1/0sBJPb1COvOosEmZ7CBa5bKHRe+tPgrdyP6WYgfmVnN0k0RfFxnVdFpgO+QhyR+GzhvCtjiP6qJtIwlG0rXSUBzqE/6BL0oDYKVXDYxBzrekkTcgOEuCIb6SxU672orkCQIDAQAB
remove quotation before v=DKIM1
remove quotation after k=rsa;
remove quotation before p=
remove the last quotation.
Don’t remove any quotation inside p=
and then add that record in txt default._domainkey
by default TTL will be 1 Hour. ALERT!
change TTL of default._domainkey to 600 seconds.
and then test again mail with mail-tester_com and am sure this time the error fixed. If the error is fixed then again change the TTL of default._domainkey to 1 Hour.
Start Testing – Pick an email from email-tester.com
goto to the website mail-tester.com and pick the email.
Send an email to the mail you pick from email-tester.com
The response is: DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message.
Now change the TTL value
Set TTL of default._domainkey to 600 seconds. Later I’ll set again it to 1 Hour.
After changing the TTL value, go to mail-tester.com and reload the page. this time a new mail was generated. Copy the mail and again send an email through your server.
Now again change the TTL value to default or 1 Hour (36000 seconds).
Further How to Create a reverse DNS record?
Reverse Domain Name Service (DNS) records are essential for those running a mail server because many recipient servers reject, or mark as spam, all email that originates from an unauthenticated server. As am using DigitalOcean so, I can share the specific details.
The Reverse DNS has been configured automatically from our end based on the droplet’s hostname.
You have no PTR records.
DigitalOcean will automatically create a PTR record for a server when you rename the host Droplet to the fully qualified domain name of a domain you are managing on your account.
To check Mail Health visit
mxtoolbox.com the tool will help you with Reverse DNS (PTR Records).
I hope this article is helpful.