I set up our domain and SPF, DKIM. But it is only sending a email to user@brightstorm.com
I tried to my personal Gmail account. but I can not receive it. It is also not on spam box.
SPF record lookup and validation for: brightstorm.com
SPF records are published in DNS as TXT records.
The TXT records found for your domain are:
v=spf1 include:_spf.google.com include:spf.mandrillapp.com include:datadrivenemail.com include:_hostedspf.discourse.org ~all
DKIM checks out too:
DKIM Record for discourse._domainkey.brightstorm.com
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J
/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrK
sn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKy
nO8/lQIDAQAB;
This is a valid DKIM key record
I sent a test email from Admin, Email and indeed, DKIM is unhappy:
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of noreply@brightstorm.com designates 2001:470:1:3c2::b as permitted sender) smtp.mail=noreply@brightstorm.com;
dkim=fail header.i=@brightstorm.com
Received: from localhost.localdomain (tiefighter6.discourse.internal [10.0.0.6])
by tieinterceptor2.discourse.org (Postfix) with ESMTP id 6010DA0005
for <name@gmail.com>; Tue, 13 Jan 2015 22:09:30 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=brightstorm.com;
s=discourse; t=1421186970;
bh=CLr4dgO5S758AGcNmwc1tBrh7ev2oVN83E2qqpBvFws=;
h=Date:From:Reply-To:To:Subject:From;
b=ZN9FZT8QwEy+H5k+t/wwC9Uoy1GLdXqS6SeOszdv/32HVSeHk0yn/RN4koGsoN1t3
+QJsjkJp/l371sEi/8rdzfpP0sQ1qbHA1iTmmHHFL9FwxBeckltu4/p1gHo+Mknqq7
NRUPDMqOKgP1EQShvmrOA/d3rfJtU5yIST+2rhtA=
It looks like something is modifying the email between you and us?
Are there any intermediate email services or steps between the mail being sent and it arriving in your mail inbox?
We’ll check on our end as well, but we have other customers getting DKIM and SPF pass using the same paths and certs.
Ah - this is the problem. The DKIM record is syntactically correct but is set up using the wrong key.
The records should look like:
discourse._domainkey.brightstorm.com IN TXT "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCojtk3fqF69pT6SZcIwoYzjQfdOBTFK7AOyxEGBwHLZ+xqwQQlVgfL6xFZ7FhCYAczkGTCjdChX/qf6dg4LrtXrb+apymj9WpLOwPir6P5Mv9FH3t3BgrQeyyCLhAHqDrUk+kU3B2z1uva3oWw3qN9MLZaX8HjR13w9ywVEgzjpQIDAQAB"
mandrill._domainkey.brightstorm.com IN TXT "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQAB"
The reason the signature check is failing is that our signature is trying to be verified against the mandrill public key - that ain’t gonna fly.
For future reference, the result we get from a DKIM check for a hosted domain should be:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCojtk3fqF69pT6SZcI
woYzjQfdOBTFK7AOyxEGBwHLZ+xqwQQlVgfL6xFZ7FhCYAczkGTCjdChX/qf6dg4LrtXrb+apy
mj9WpLOwPir6P5Mv9FH3t3BgrQeyyCLhAHqDrUk+kU3B2z1uva3oWw3qN9MLZaX8HjR13w9ywV
EgzjpQIDAQAB
Version
v= DKIM1
Key type
k= rsa
Public key
p= MIGfMA0GCSqG...jR13w9ywVEgzjpQIDAQAB
If you have trouble, please feel to let us know immediately rather than changing configuration as we can help with the diagnosis. For example, I’m about to PM you the email logs from the first few messages you apparently tried sending and they show they were indeed delivered to gmail. If you’re having deliverability problems beyond that we can help ensure SPF and DKIM are correctly setup.
Since brightstorm.com is hosted at gmail, it is a gmail account.
If you’re having trouble sending to a specific email address, let us know which one and we’ll check our logs. Be sure you have the correct DKIM key in DNS (the incorrect one is still showing).
