Valid DKIM but "body hash did not verify" error on Outlook / Hotmail / Live?

Server Fault Asked by Persson on August 23, 2020

Why do I get dkim=fail (body hash did not verify) on Outlook / Hotmail / Live when I have a valid DKIM setup in place?

I’ve made sure that my SPF, DKIM, DMARC records are set up correctly and the DKIM record on my domain matches my servers DKIM key.

When sending emails from my domain to Google etc, I get SPF = Pass, DKIM = Pass, DMARC = Pass and it’s over a secure connection. All good.

When sending to with the same config I get the error:
dkim=fail (body hash did not verify). Why ?

Does anyone have an idea why that is?

I’m using Postfix on Debian 9 with SpamAssassin.

My DNS records are old, it’s not because of DNS propagation.

I’m using Thunderbird as a client to send emails.

One Answer

This was an issue with special characters for us. Compare source code or the 'original' email in Gmail vs. source code of the same email in Hotmail and you will find the ones causing DKIM to fail. It was the -- and ' characters for us (encoded with words, not numbers.) It was okay if it is encoded in HTML, but not if it is added as text, and then pasted inside the HTML.

Microsoft is not recognizing them, applying canonicalization, and removing them which is causing the body hash to not verify.

Answered by A. Lucero on August 23, 2020

Add your own answers!

Ask a Question

Get help from others!

© 2024 All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP