Richard Korts

More on DKMI

In my prior question (https://www.experts-exchange.com/questions/29240698/DKMI-using-php.html), I got the feeling that if the DKMI record is installed in the DNS, something referencing the DKMI would go out in the email headers sent from that email host.


Two emails were sent, see attached. The 2nd one was claimed NOT to have been received. Do these emails appear to have the right DKMI & SPF "stuff" in them?


Thank you.


Emails sent 6-3-22.docx


Dr. Klahn

Would that be "DKIM", DomainKeys Identified Mail -- or is there a different product called DKMI?

DKIM and SPF info is contained in the headers of the email itself.  It will look something like this:
User generated image

Note that all that info is added by the mail server.  It will only be seen on the receiving end.  Your copy in your Sent folder will not have it.  Because it didn't go thru the mail server.
Richard Korts

ASKER

Ok, thanks Dave. 
-->, I got the feeling that if the DKMI record is installed in the DNS, 
No. It is installed in the sending server and the corresponding TXT record will be created in DNS.

As per your previous thread you already have DKIM option in your hosting provider. Just enable it. You get a DKIM key and then add that TXT value to the DNS

FYI the same thing I have explained here.

Your copy in your Sent folder will not have it.  Because it didn't go thru the mail server.

However for verification / testing purposes, you could always CC your email address. The received message "should" contain the headers.

Alternately if you have a gmail (yahoo, hotmail etc) account, you could send an email there and view the header information to verify
feel free to leave dkim out entirely. useless tech. the more we comply, the more anyone can push their own stuff
You can use tools like mxtoolbox to check if your records are correct https://mxtoolbox.com/SuperTool.aspx?action=mx%3adomain.com&run=toolpage


Scott, I went to your link & typed in lakoshvac.com, I get the attached. So it's worthless.

DKMI Error.PNG
You need to include the selector used in your DNS record

your-selector._domainkey.yourdomain.com

You might want to remove your domain from your previous post btw ;)
To see if DKIM is set properly, go to

https://www.mail-tester.com

You will get a temporary email address. Send a test email to this email address from your mail server where DKIM is enabled.  Click on the button "Then check your score" to get the score. It will show a warning if DKIM is not set.
To Yujin,

I tried it, it gives the attached.

I have exactly what it asks for & it doesn't work for DKIM.

Another bad one.PNG
https://www.mail-tester.com  does work but you have to find the "s=...." in a received email and enter that as the DKIM signature.  Like here:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dibsplace.com;    s=h-20220603-112321; t=1654288856;

https://www.dmarcanalyzer.com/how-to-find-a-dkim-selector/


Note that mxtoolbox also requires the 'selector' to retrieve the DKIM info.
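
Added example (not code from any poster in this thread): a Python sketch that reads the `s=` selector and `d=` domain from a received message's DKIM-Signature header, builds the `selector._domainkey.domain` TXT record name that the lookup tools ask for, and collects the receiving server's SPF/DKIM verdicts from the Authentication-Results header. The sample message, its domains and the function names are constructed for illustration.

```python
import email
import re
from email import policy

# Constructed sample message (not from the thread); all header values are made up.
SAMPLE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@example.com header.s=sel2022;
 spf=pass smtp.mailfrom=noreply@example.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;
 s=sel2022; t=1654288856; h=from:to:subject;
 bh=PLACEHOLDER; b=PLACEHOLDER
From: noreply@example.com
To: user@example.net
Subject: test

body
"""

def parse_tags(value):
    """Split a DKIM tag list ('k=v; k=v') into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = re.sub(r"\s+", "", v)
    return tags

def dkim_dns_names(raw):
    """Return the TXT record name to query for each DKIM-Signature header found."""
    msg = email.message_from_string(raw, policy=policy.compat32)
    names = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(value)
        if "s" in tags and "d" in tags:
            names.append(f"{tags['s']}._domainkey.{tags['d']}")
    return names  # empty list means the message left the server unsigned

def auth_results(raw):
    """Return the receiver's verdicts, e.g. {'dkim': 'pass', 'spf': 'pass'}."""
    msg = email.message_from_string(raw, policy=policy.compat32)
    found = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(dkim|spf|dmarc)=(\w+)", value):
            found.setdefault(method, result)
    return found
```

Paste the full "show original" text of a received copy into `dkim_dns_names()`; an empty result means there is no DKIM-Signature header, so there is no selector to look up.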
may i ask which problem/issue you expect dkim to solve ?

as far as i know, there are many better ways to achieve email signing and negligible benefit at best in terms of delivery. if you live in a small city, chances are dkim's cost worldwide is higher than the electricity bill of the whole city. this is a genuine real question : i am actually interested in knowing what real world benefits this tech actually brings.
@skullnobrains , several mail services like MailGun require it.  I think maybe Sendgrid and/or Sendinblue do too.
afaik (until now) mailgun could still be provided with an spf record or an ip address that you own. if you are right, this may be a turn in events. good to know, thanks

note that this has no impact whatsoever on regular email traffic. mailgun is merely a service that sends email/spam on your behalf.

also note that there are many more efficient ways to authenticate known customers using direct connections to a service including but not limited to the above, mtls, regular authentication... dkim is quite overkill.
Business 'transactional' email is being sent thru these services now because they are better at delivering email than individuals are.  They also have the servers and ability to track email better than individual businesses do.
The problem we are trying to solve is the customer is trying to reset his password & the reset request mailed to him from our server is not received by him.
Tests done by those of us on the development team work perfectly.

Attached is the code that sends the email.

The email address of the person claiming not receiving it is in the registered_users database table.

reset_pwd.php
It is not overkill. Having SPF, DKIM, and DMARC  help get your email to an inbox and is very easy to set up, once you have done it the first time.

This question is how to set up DKIM, not the merits of it.

We have provided the "how" and Richard has come back saying it is not working or is not using the tools we have shown correctly.  A quick search for dkim email shows the record is not in the DNS

User generated image
I thought you said your host provider did this for you?
 reset request mailed to him from our server is not received by him.

Has he looked in ALL spam folders? There will be a spam folder in the email server and also the client which may be separate. 
This question is how to set up DKIM, not the merits of it.

I agree, this has gotten (IMO) dangerously close to being driven off topic
Scott, I forwarded your test of DKMI not being set up at lakoshvac.com to the hosting company. I have used them for close to 20 years & I trust them, but it appears there is a disconnect in this case.

We shall see how they respond.

Thanks for your persistent efforts on this.

Richard
Have you reviewed your logs checking for any reported errors?

Your maillog should tell you if the message was sent if it was delivered
kenfcamp, the intended recipient is NOT a tech person on the East Coast. He is a customer we are trying to lead through this process. We don't know if he tried it again today.

The server side says it was sent.

Richard
I do think SkullNoBrains brought up a good point in asking what problem you are trying to solve because the real issue now seems like one person is not receiving email when others are.  The DKIM, SPF etc should get updated regardless.

But when only one person is not getting email, it gets tricky because there are multiple points of failure all of which you do not control.  It could be in the server spam folder, it could be blocked by a local email client, and it could be blocked by one or more anti spam programs on the computer. The first place I would look is his own server's spam folder. At least in gmail this is an easy search. Other servers may be more difficult or require going to the logs as already mentioned.

I would also double check that the email in the database is correct too.

For testing, I might update my php code to cc or bcc myself.
The email is in the database correctly.

I added a CC to myself yesterday.

There have been other reported instances in the past where users said they did NOT receive the email.

The host just informed me that they added the DKMI (& emailed me the thing you did) showing it was done.

I asked them to do the SPF also.

Maybe we are finally getting to the bottom of this.

Richard




I would also double check that the email in the database is correct too.

Richard, have you verified with the customer that the email address on file was correct?
To all,

The Host now added the spf as well. We will try to get the customer to try again.

We are communicating with him using the email as indicated in the database.

Richard
I added a CC to myself yesterday.

Richard, I see in your script, that you setup a 'CC' to your gmail account

1) did you receive the email?

2) did you review the email headers to see if there were any dkim/spf errors ?

(Open email, select the three dots on the top right, and select show original)
We do not believe the customer has tried it today.

Richard
have you setup dkim in your server so the outgoing mail is signed ? you had better do that before adding keys in the dns.

have you setup a working return path for that email ? if so, you might receive a notification that will tell you what is going wrong.

i guess the users checked their spam mailboxes. if you have access to the server, you can check if said email pops in the logs.

sorry for driving this off topic
@scott i meant overkill for the waste of computer resources. not human. it is a global issue.
Here was an email sent today not received (and NOT in spam). Does this have the right DKMI & SPF stuff?

Based on Dave Baldwin's earlier coding, seems not.

Or maybe I'm looking in the wrong place.

2022-06-08 14:15:33 1nywT7-0001xX-Rl <= noreply@lakoshvac.com H=(www.lakoshvac.com) [::1]:53388 P=esmtp S=1615 id=a0c9ab0eec934f5649b2b355dd2cc63c@www.lakoshvac.com T="Verify your Email - Lakos HVAC Product Configurator" for Jmandato@midatlanticllc.com
2022-06-08 14:15:33 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1nywT7-0001xX-Rl
2022-06-08 14:15:33 1nywT7-0001xX-Rl SMTP connection identification H=localhost A=::1 P=53388 M=1nywT7-0001xX-Rl U=lakoshva ID=1094 S=lakoshva B=authenticated_local_user
2022-06-08 14:15:33 1nywT7-0001xX-Rl Sender identification U=lakoshva D=lakoshvac.com S=lakoshva
2022-06-08 14:15:33 1nywT7-0001xX-Rl SMTP connection outbound 1654697733 1nywT7-0001xX-Rl lakoshvac.com jmandato@midatlanticllc.com
2022-06-08 14:15:35 1nywT7-0001xX-Rl => jmandato@midatlanticllc.com Jmandato@midatlanticllc.com R=lookuphost T=remote_smtp H=midatlanticllc-com.mail.protection.outlook.com [104.47.55.138] X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=yes C="250 2.6.0 a0c9ab0eec934f5649b2b355dd2cc63c@www.lakoshvac.com [InternalId=7090991011410, Hostname=DM5PR10MB1305.namprd10.prod.outlook.com] 10456 bytes in 0.198, 51.376 KB/sec Queued mail for delivery"
2022-06-08 14:15:35 1nywT7-0001xX-Rl Completed 
That looks like your outgoing logs and DKIM will not show up there.  It and SPF are checked and added to the email headers when it leaves the mail server, not before.  Send the same email and Cc: yourself.  Then you can look at the headers added by the mail server in the Cc: copy.
Dave, how do I look at the headers? Sorry for the stupid question.
What is your email client?
gmail
ASKER CERTIFIED SOLUTION
Dave Baldwin
dkim requires a plugin or proxy on your outgoing email. did you set that up ?

note that it is very unlikely setting up dkim solves your initial problem
Dave Baldwin,

Attached is the email with headers from the server the host claims has SPF & DKIM.

I searched & found SPF, but NOT DKIM. Am I missing it somehow or is it not there?

Thank you,

Richard

email for pwd reset.docx
It's not there.  Did you send that thru the mail server that you mentioned above?  That's the only way it's going to be included.  I sent you an email that will include the DKIM info for my accounts.
Dave, see my email response to yours.

And my reaction.

Richard