Mail Delivery Failed - DKIM 550 Error
One such email issue our customers face is 550 permanent failures for one or more recipients. Recipient mail servers typically allow all the genuine emails, but due to various reasons, an email can be rejected by the recipient mail server.
Example bounce-back message:
Based on the bounce-back message above, we see that there is a DKIM signature incorrect for the domain younivhost.com. Another bounce-back message that related to DKIM as below:
Example bounce-back message based on the bounce-back message above, we see that the DKIM Public Key is unavailable for domain younivhost.com.
The main reason why you're receiving this error is the receiver server does not validate the email. They have enabled "Reject DKIM Failures" on Exim configuration at their server. This is why you're receiving 550-DKIM: encountered the following problem validating domain.
To solve this issue, kindly follow the steps below:-
Connect to your server via FTP. Then, navigate to the private key directory that is /var/Cpanel/domain_keys/private
Right-click on domain name and click Rename
Rename the domain with something else. Ex: younivhost-a.com
Next, navigate to the public key directory that is /var/Cpanel/domain_keys/public
Right-click on the domain name and click Rename. Rename the domain with something else. Ex: younivhost-a.com
To generate a new private and public key, you can generate it at the server via SSH and the interface. For SSH, you can access your server as root.
Generate a private key
Generate a public key
In SpamExpert interface also generates the key. Login to SpamExpert Control Panel > Domain Overview > Search domain name > Click Configure
Navigate to Outgoing > DKIM
For DKIM key length, choose 2048 bits (Recommended). For the DKIM selector, put Default. Then, click Generate
Set the new DKIM DNS record into a related DNS zone for the domain
Now, the DKIM should be corrected, and you will be able to send emails to the other server.
Example bounce-back message:
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
admin@younivhost.com
host mytpack.com [111.221.46.49]
SMTP error from the remote mail server after end of data:
550-DKIM: encountered the following problem validating younivhost.com:
550 signature_incorrectBased on the bounce-back message above, we see that there is a DKIM signature incorrect for the domain younivhost.com. Another bounce-back message that related to DKIM as below:
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
admin@younivhost.com
host mytpack.com [111.221.46.49]
SMTP error from remote mail server after end of data:
550-DKIM: encountered the following problem validating younivhost.com:
550 pubkey_unavailableExample bounce-back message based on the bounce-back message above, we see that the DKIM Public Key is unavailable for domain younivhost.com.
The main reason why you're receiving this error is the receiver server does not validate the email. They have enabled "Reject DKIM Failures" on Exim configuration at their server. This is why you're receiving 550-DKIM: encountered the following problem validating domain.
To solve this issue, kindly follow the steps below:-
Connect to your server via FTP. Then, navigate to the private key directory that is /var/Cpanel/domain_keys/private
Right-click on domain name and click Rename
Rename the domain with something else. Ex: younivhost-a.com
Next, navigate to the public key directory that is /var/Cpanel/domain_keys/public
Right-click on the domain name and click Rename. Rename the domain with something else. Ex: younivhost-a.com
To generate a new private and public key, you can generate it at the server via SSH and the interface. For SSH, you can access your server as root.
Generate a private key
OpenSSL genrsa -out younivhost.com.key 2048Generate a public key
openssl rsa -in younivhost.com.key -out rsa.public -pubout -outform PEMIn SpamExpert interface also generates the key. Login to SpamExpert Control Panel > Domain Overview > Search domain name > Click Configure
Navigate to Outgoing > DKIM
For DKIM key length, choose 2048 bits (Recommended). For the DKIM selector, put Default. Then, click Generate
Set the new DKIM DNS record into a related DNS zone for the domain
Now, the DKIM should be corrected, and you will be able to send emails to the other server.
Updated on: 21/06/2022
Thank you!