Error guide / DKIM signature verification failed
DKIM fail: signature does not verify
A DKIM fail means the digital signature on your email did not match the key published in your domain's DNS. The recipient could not confirm that the message really came from you and was not altered on the way. As a result the mail loses trust: it lands in spam more often, and together with DMARC it may be rejected entirely.
Check your site
What causes it
The DKIM record in DNS is usually at fault: the key is missing, was copied with an error, or went stale after a mail server change. Another cause is an intermediate service (a newsletter or forwarding) that changed the message in transit and broke the signature.
How to fix it
- Find the DKIM selector (for example default._domainkey) and the public key in your mail settings.
- Confirm the matching TXT record actually exists in DNS and was copied in full, with no line breaks or spaces.
- If you changed hosting or mail providers, generate a new key and update the DNS record.
- In cPanel, DKIM is enabled under Email Deliverability, which shows what is missing in DNS.
- For third-party newsletters, add a separate DKIM record issued by that specific service.
- Send a test email to Gmail and check the original to confirm DKIM shows pass.
Related errors
Found problems?
Slow hosting, SSL trouble or frequent downtime? Move to TomisHost: fast hosting with free SSL, daily backups and free migration help.
TomisHost hosting