Messages to outlook.com fail DKIM check but no other company fails it

Question

I'm trying to send emails to people that have outlook.com or have their domains email hosted by office 365 from my business email server and I keep going to SPAM. In the headers it looks like maybe the reason is a DKIM failure. But, DKIM passes for all other companies I've sent emails to (Google, Yahoo, comcast, etc.).

Web searches show others having this issue but the resolution is unclear. Outlook.com doesn't seem to care or want to respond.

I'm at a loss right now on what to do. Anyone able to help or have suggestions?

Answer 1

I think the quotes around the name in the From header were the main issue for me. When I still got the bounce after I had already made that change, I looked carefully at all the headers again, trying to find anything unusual about those that get signed. I removed the final semicolon at the end of the boundary string in Content-Type, since it is not needed there, but except for that, everything seemed absolutely fine.

A few days later, I suddenly realised I did not see any new bounces of this kind for a while. When I checked my DMARC reports, I found several reports with "DKIM=pass, SPF=fail". All of those used to fail their DKIM checks, too, and would end up rejected. Now they cause a warning about SPF, but are delivered just fine. I do not know if the issue with the quoted email was really as silly as an extra semicolon that somehow was removed before validation, if there was a DNS refresh issue with my DKIM keys for that particular recipient, or if Microsoft finally patched something that had not yet made it to iomartcloud.com.

In any case, it seems for me, the vast majority of the bounces were indeed caused by the quotes, which Microsoft decided to add to the From header after I had signed it, and before their software validated the signature. (I really have no idea why they think this is in any way acceptable behaviour for email software.) Since nobody else did such a thing, DKIM validation of my emails only failed on Outlook Enterprise servers.

If you share the headers of a message that bounced, I can offer you a second set of eyes to go over them. Maybe you also have something in them that Microsoft decided it needs to tweak a bit before checking the signature.

Answer 2

Just logged in here to reply that I have the same problem. I've checked multiple hosting servers, and Enterprise Outlook is the only one that fails the DKIM Authentication. Microsoft can definitely spend some time and figure out what is happening there (one can spin up a free server somewhere else, and send e-mails to his microsoft/outlook address to figure out what is happening, but seems that, as always, they don't give a dime).
I believe Sebi even resolved half of their issue, I don't understand why they are not acting on it.

Answer 3

Hi Sebastian

Thanks for your very answer. I just noticed the errors in the DMARC reports - they are not consistent - but when they occurs it is from Outlook Enterprise. We are a small fraternal organization not hosting our own email server (we use a hosting provider) - and the members sends from different email clients.

Answer 4

Sabya,

Thanks for your response.

I've signed up for SNDS but I'm working through getting my IP's added to my account so I can view the details there. Actually, before asking the community here I opened a ticket through sender support but they only seemed to tell me that my IP's look fine (no details, just they look fine). They have made no comment on DKIM signature verification which to me seems to be the problem. I asked specifically about DKIM but they dodged the question so I'm still at a loss as to why we are failing their checks.

Thanks,

Ryan.

Answer 5

Did you find a solution? I seem to experience the same problem