I use AWS SES for sending mail and Cloudflare for DNS. I set up DKIM following this tutorial. It works well.
When a user provides a hotmail.com address and forwards it to Gmail, I receive an email such as:
mx.google.com gave this error:
This mail is unauthenticated, which poses a security risk to
the sender and Gmail users, and has been blocked. The sender
must authenticate with at least one of SPF or DKIM. For this
message, DKIM checks did not pass and SPF check for [...] did not pass
with ip: [...]. The sender should visit
https://support.google.com/mail/answer/81126#authentication
for instructions on setting up authentication. ...
Original message headers:
Received: from ...PROD.OUTLOOK.COM
...
Resent-From: <[email protected]>
...
Authentication-Results: spf=pass (sender IP is ...)
smtp.mailfrom=...; dkim=fail (signature did not verify)
header.d=...;dmarc=pass action=none header.from=...;compauth=pass
reason=100
...
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=2c2dtovttix6omay...; d=...; t=16791...;
h=Content-Type:From:To:Subject:Message-ID:Date;
bh=kVq8FB...=;
b=XTEQr2EZ30...=
The headers suggest that SPF passed and DKIM failed, contrary to the initial text. I'm not sure why.
Can I make the DKIM on my domain also work when forwarding email from Hotmail to Gmail?
Update
I created a Hotmail address and sent an email from the same sender and the forwarding succeeded. I also sent another email from a different domain name that I also own and almost never use, so I'm sure that my Gmail never saw that second sender.
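An added example, not part of the original post: the signature quoted above uses `c=relaxed/simple`, meaning simple body canonicalization, under which any change to the body bytes other than trailing empty lines changes `bh`. The sketch below recomputes `bh` from a received body following RFC 6376 section 3.4, so a copy saved at the final mailbox can be compared with the `bh=` tag. The sample message, `example.com`, `selector1` and all function names are constructed; it assumes `a=rsa-sha256`, no `l=` tag, and a raw body with CRLF line endings.

```python
import base64
import hashlib
import re

def canon_simple(body: bytes) -> bytes:
    # RFC 6376 3.4.3: drop empty lines at the end; an empty body becomes one CRLF.
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    return body if body.endswith(b"\r\n") else body + b"\r\n"

def canon_relaxed(body: bytes) -> bytes:
    # RFC 6376 3.4.4: collapse runs of SP/TAB, strip them at line ends,
    # then drop empty lines at the end; an empty body stays empty.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes, c_tag: str) -> str:
    # c= is "header/body"; the body algorithm defaults to simple when omitted.
    body_alg = c_tag.partition("/")[2] or "simple"
    canon = canon_relaxed if body_alg == "relaxed" else canon_simple
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()

def parse_tags(sig_value: str) -> dict:
    # Split a DKIM-Signature value into tag=value pairs, removing folding whitespace.
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)
    return tags

def body_hash_matches(sig_value: str, body: bytes) -> bool:
    # Assumes a=rsa-sha256 and no l= (body length) tag.
    tags = parse_tags(sig_value)
    return body_hash(body, tags.get("c", "simple/simple")) == tags["bh"]

# Constructed sample: the body as signed, and the same body after a relay
# added a trailing space and an extra blank line.
SIGNED = b"Hello,\r\n\r\nYour code is 1234.\r\n"
RELAYED = b"Hello,\r\n\r\nYour code is 1234. \r\n\r\n"

def sample_sig(c_tag: str) -> str:
    return (f"v=1; a=rsa-sha256; c={c_tag}; d=example.com; s=selector1;\r\n"
            f" h=From:To:Subject; bh={body_hash(SIGNED, c_tag)}; b=CONSTRUCTED")

if __name__ == "__main__":
    for c in ("relaxed/simple", "relaxed/relaxed"):
        print(c, body_hash_matches(sample_sig(c), RELAYED))
```

A `bh` mismatch on the delivered copy means the body was changed after signing; a match means the body is intact and the failure lies in the signed headers or the `b=` signature check.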