DKIM key was provided incorrect

Hi there,

I’m a business user.

I set up our domain and SPF, DKIM. But it is only sending a email to
I tried to my personal Gmail account. but I can not receive it. It is also not on spam box.

I think discourse hosted server has a problem. Moreover, I couldn’t change mail server. I’d just like to change sending server to mandrill instead of discourse hosted mail server.

How can I solve this problem?


Well let’s see:

SPF checks out:

SPF record lookup and validation for:

SPF records are published in DNS as TXT records.

The TXT records found for your domain are:
v=spf1 ~all 

DKIM checks out too:

DKIM Record for


This is a valid DKIM key record

I sent a test email from Admin, Email and indeed, DKIM is unhappy:

       spf=pass ( domain of designates 2001:470:1:3c2::b as permitted sender);
Received: from localhost.localdomain (tiefighter6.discourse.internal [])
	by (Postfix) with ESMTP id 6010DA0005
	for <>; Tue, 13 Jan 2015 22:09:30 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;
	s=discourse; t=1421186970;

It looks like something is modifying the email between you and us?

Are there any intermediate email services or steps between the mail being sent and it arriving in your mail inbox?

We’ll check on our end as well, but we have other customers getting DKIM and SPF pass using the same paths and certs.

I just using discourse hosted service. I don’t think there is no intermediate service between you and use.

Please check hosted server configuration.


Agreed – looks like our catch-all DKIM signing is somehow not working, but works for earlier domains. @supermathie can you give this a look tonight?

Ah - this is the problem. The DKIM record is syntactically correct but is set up using the wrong key.

The records should look like: IN TXT "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCojtk3fqF69pT6SZcIwoYzjQfdOBTFK7AOyxEGBwHLZ+xqwQQlVgfL6xFZ7FhCYAczkGTCjdChX/qf6dg4LrtXrb+apymj9WpLOwPir6P5Mv9FH3t3BgrQeyyCLhAHqDrUk+kU3B2z1uva3oWw3qN9MLZaX8HjR13w9ywVEgzjpQIDAQAB" IN TXT "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQAB"

The reason the signature check is failing is that our signature is trying to be verified against the mandrill public key - that ain’t gonna fly.

For future reference, the result we get from a DKIM check for a hosted domain should be:


    v=	DKIM1
Key type
    k=	rsa
Public key
    p=  MIGfMA0GCSqG...jR13w9ywVEgzjpQIDAQAB

If you have trouble, please feel to let us know immediately rather than changing configuration as we can help with the diagnosis. For example, I’m about to PM you the email logs from the first few messages you apparently tried sending and they show they were indeed delivered to gmail. If you’re having deliverability problems beyond that we can help ensure SPF and DKIM are correctly setup.

1 Like

Aha so the wrong key is being used, make sure your DKIM is correct:

v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCojtk3fqF69pT6SZcIwoYzjQfdOBTFK7AOyxEGBwHLZ+xqwQQlVgfL6xFZ7FhCYAczkGTCjdChX/qf6dg4LrtXrb+apymj9WpLOwPir6P5Mv9FH3t3BgrQeyyCLhAHqDrUk+kU3B2z1uva3oWw3qN9MLZaX8HjR13w9ywVEgzjpQIDAQAB

(edit, was wrong key, this is correct ^^^)

I’ve updated new DKIM key. Thanks check this problem @codinghorror @supermathie

DKIM is passed through, It couldn’t reach at Gmail account.

This screenshot from email account. SPF and DKIM are passed.
Dropbox - Error

Please check it one more time.

Since is hosted at gmail, it is a gmail account.

If you’re having trouble sending to a specific email address, let us know which one and we’ll check our logs. Be sure you have the correct DKIM key in DNS (the incorrect one is still showing).

I just tried it again too and can confirm the DKIM is still failing, even with the new key.

It’s still incorrect - it’s still showing Mandrill’s public key.

@ihwan, please change the key to:


@supermathie I’ve updated it now.

1 Like