Emails to .mil addresses fail without DKIM
search cancel

Emails to .mil addresses fail without DKIM


Article ID: 172380


Updated On:


Messaging Gateway


Sending an email to a *.mil address with Symantec Messaging Gateway (SMG) without proper SPF/DKIM/DMARC configuration results in failure of delivery.

550 #5.7.5 DKIM unauthenticated mail is prohibited; Verify DKIM key length is >= 1024B


The Defense Information Systems Agency (DISA) is requiring all external senders to use sender authentication when sending to a .mil email address. If a sender does not have SPF/DKIM/DMARC configured, the DISA-run .mil servers will automatically reject the mail.


Follow the recommendations in Setting up sender authentication for outbound mail for Messaging Gateway.

For assistance in setting up these settings, there are varied tools online that can assist. Providers such as MXToolbox have tools that can help create the DNS records needed.


Symantec policy does not allow Enterprise Support Engineers to assist in the creation of SPF, DKIM, or DMARC records.