ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Emails to .mil addresses fail without DKIM

book

Article ID: 172380

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

Sending an email to a *.mil address with Symantec Messaging Gateway (SMG) without proper SPF/DKIM/DMARC configuration results in failure of delivery.

550 #5.7.5 DKIM unauthenticated mail is prohibited; Verify DKIM key length is >= 1024B

Cause

The Defense Information Systems Agency (DISA) is requiring all external senders to use sender authentication when sending to a .mil email address. If a sender does not have SPF/DKIM/DMARC configured, the DISA-run .mil servers will automatically reject the mail.

Resolution

Follow the recommendations in Setting up sender authentication for outbound mail for Messaging Gateway.

For assistance in setting up these settings, there are varied tools online that can assist. Providers such as MXToolbox have tools that can help create the DNS records needed.

 

Symantec policy does not allow Enterprise Support Engineers to assist in the creation of SPF, DKIM, or DMARC records.