DKIM issues are usually caused by missing DNS keys, stale DNS after migration, or mail being routed through a service that is not configured to sign with the published selector.
Common symptoms
- Recipients see DKIM fail
- Mail headers show no DKIM signature
- Email tests say the public key cannot be found
Troubleshooting steps
- In cPanel, confirm DKIM is enabled for the domain if local mail service is in use.
- Check the published DKIM TXT record and make sure it matches the selector and key expected by the server.
- If the domain uses an external mail provider, publish that provider's DKIM records instead of the cPanel-generated one where required.
- Remove stale or duplicate DKIM records left over from previous providers.
- Send a fresh test message and inspect the headers after DNS propagation.
Additional notes
- Changing mail providers without replacing DKIM records is a common cause of failure.
- Some DNS providers split long TXT records automatically; this is normal when formatted correctly.
When to contact support
Contact support if local mail is enabled but new messages are still not signed.