Skip to main content
My preferencesSign out
Proofpoint, Inc.

Why does DKIM fail

Situation Why is DKIM failing when mail is processed by Proofpoint?
Solution For certain Proofpoint Essentials features to work, DKIM must be broken


What is DKIM?

Domain Keys Identified Mail, or DKIM,  is a standard that prevents email senders and recipients from spam, spoofing, and phishing.  This form of email authentication allows an organization to add digital Signature to the emails that can be validated by the recipient to check if the email belongs to the legitimate Sender.

Why is DKIM failed by Proofpoint?

Proofpoint Essentials include a number of configurations to help secure your emails, unfortunately a few of these feature require us to break DKIM signatures in order to process or apply settings to your emails.

Inbound Emails

Email Tagging

When enabled this will cause DKIM signature to fail as it requires Proofpoint to apply a tag to your email subject line

Easy-spam-reporting disclaimer

When enabled this will also cause DKIM signature to fail as Proofpoint to required to apply an inbound disclaimer to scanned emails

URL Defense

Feature - Re-write URLs that are located in DKIM signed messages
When this is enabled DKIM signature will also fail as we need to rewrite URLs in DKIM signed emails.
Only applies when an email contains a URL, otherwise DKIM will pass as long as none of the other features above is enabled.

Outbound Emails


When enabled DKIM signature will fail as Proofpoint needs to apply your disclaimer to the bottom your outbound emails.

Disabling any of these features will allow DKIM to pass successfully. If multiple features are enabled then each individual feature must be disabled