DKIM and Return-Path not detected when a test email is sent

[EusebiuOprinoiu]

Hello!

I'm having an issue that affects multiple websites when using both Mailgun and Postmark. When a test email is sent, some domain checks fail, even though all the required DNS records exist. (SPF, DKIM, DMARC, Return-Path) In the case of Mailgun, the DKIM record is not detected. For Postmark, the Return-Path.

Expected Behavior

Emails should be sent without any errors or warnings.

Possible Solution

I'm guessing you are checking against a curated list of selectors and that mine aren't in it. If that's the case, would you, please, consider including them? For Mailgun, I use mailgun as my DKIM selector, and for Postmark I use postmark for the Return-Path CNAME.

[capuderg]

Hi @EusebiuOprinoiu,

For Mailgun we are currently testing against these known selectors: 'pic', 'mailo', 'mx', 'krs', 'k1', 'mta', 'email', 's1', 'smtp'. Did you define this mailgun selector yourself or did Mailgun assign this selector for your DKIM record?

For Postmark, is your Return-Path using the same domain name or is it different? We are currently checking these two subdomains 'pm-bounces', 'bounces' of the domain used in the From Email address in our plugin settings. Are you using a different subdomain?

The problem with DKIM selectors and Postmark Return-Path, is that the values can be custom and we can't verify them 100%. That's why we also mark these two as warnings and not errors in our Domain Checker results in our Email Test.

If you know the records are there and the emails are sending OK, you can ignore those warnings.

[EusebiuOprinoiu]

They are both custom values. I have multiple DKIM and CNAME records and to easily identify them, I always set the selector as the name of the service, unless it's not possible to change. (as far as I know, this is standard practice for many sysadmins)

My DKIM configuration usually looks like this:

• default._domainkey
• google._domainkey
• mailgun._domainkey
• etc

For the Return-Path I also prefer to use the service name as the subdomain if possible. This makes it easy to identify when multiple CNAME records exist and it also looks nice in the email details. Gmail, for example, shows this value in the mailed-by header. (below the usual from, to, date, and subject fields)

I know you can't possibly check for every selector, but you should also check for service-name selectors, in addition to their usual defaults. (and not only for Mailgun and Postmark, but for all SMTP providers you integrate with)

[capuderg]

Hi @EusebiuOprinoiu,

I can see that you have a good system going on 👍 . And you are definitely an advanced user.

You are the first one that actually suggested this approach. Another user could have a bit modified approach and then another a bit different subdomain as well. This way we could be adding subdomains for each of our users and the list would get too long... We can only try to implement changes that will benefit most (or at least a large portion) of our users.

If other users will also use this approach we will definitely add this to our domain checker.

Take care!

[EusebiuOprinoiu]

That's true. I only suggested you add the service-name to the list of preapproved selectors because it's a commonly used naming scheme in the industry.

For DKIM, almost everyone either uses the original selector as generated by each service, or a generic one like mta, mail, email, smtp, or service-name. For Return-Path, common values are bounce, bounces, or service-name.

For truly custom selectors, I wouldn't have bothered opening this ticket. But at the end of the day, you have the final say.