This morning I woke up to the third day in a row of an informational email coming from Google stating that there is a problem with my email. First off, some background information is necessary. In an effort to fight the worsening problem of spam, there is a mechanism called DomainKeys. In essence, the DomainKeys mechanism signs an outgoing email to verify that the email did indeed come from the domain that it claims to. It’s such an effective method that it gets a lot of the low hanging fruit and a lot of the low effort spammers that do not even bother to implement it in any way or shape. In other words, the design is absolutely brilliant. Well, I just discovered that my outgoing emails to Google were failing the signature process.
This was puzzling because everything was working so I couldn’t figure out for the life of me what, if anything, had changed. Since DomainKeys depends upon a text record in DNS to check the signature of the email, I first suspected a problem with that text record. A simple query resulted in something strange, similar to what is below:
default._domainkey.goblackcat.com. 300 IN TXT "v=DKIM1;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1fvkhqzx+QPKPHX2dE1HcaTbDE2NdPZb/cCvAJ9deNa0ZeVAjlIsW3hqR0W+eA+e0lPfg6pKKc2i8ynlGTrnFEMc9+ZYfe4lK4NICqdkz9M/sJU41fSmYNKjsNKQTJFwuAH0+XrNl50FdS+Xjzy6" "INl7CHtPI/rfsPeLdH+QWEm3z1Mgoz8u75gBatk44Tn2r9G1P/dTBSTZIxat8lqFSQjN+XeYDA1ZY4lfdlGgCku3ywPRrAtNXVnwYA/syKnHYbpfANZ+fQvD3buvPhII1GOR09g5XzNdPr1mEfTMnmreOkWIYseizQNYnQtdjjZprsL/RFN/iqp1RFTc5yZb" "TwIDAQAB"
At the end of all that mumbo jumbo is an extra quoted piece of text called a string in computer science lingo. Initially I thought there was something wrong here and that was why the signature was failing. So thinking that an update somewhere caused a problem, I regenerated the keys used for signing and placed the public one back into DNS. Everything was still failing. It turns out, as I typically do, I overthought the problem at hand. The problem lay in the simple fact that the software in charge of outgoing email was simply unable to read the file containing the signature key. A simple change in permissions and, voila, DomainKeys are working again.
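The two checks from this troubleshooting story, as an added example that is not part of the original post: joining the quoted strings of a DKIM TXT record and decoding the p= value, and testing whether a given user could read the signing key file. The sample record, the function names and the uid/gid arguments are constructed for illustration.

```python
import base64
import os
import re
import stat

def join_txt_strings(rdata: str) -> str:
    """Concatenate the quoted strings of a TXT record, as a DKIM verifier does.
    Each string holds at most 255 bytes, so a 2048-bit RSA key spans several."""
    return "".join(re.findall(r'"([^"]*)"', rdata))

def parse_dkim_tags(txt: str) -> dict:
    """Split 'v=DKIM1;p=...' into a tag dictionary."""
    tags = {}
    for item in txt.split(";"):
        if "=" in item:
            name, value = item.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def public_key_bytes(rdata: str) -> bytes:
    """Return the decoded p= value; raises if the joined base64 is malformed."""
    tags = parse_dkim_tags(join_txt_strings(rdata))
    return base64.b64decode(tags["p"], validate=True)

def readable_by(path: str, uid: int, gids: set) -> bool:
    """Mode-bit check: could this uid/gid set read the key file?
    Ignores ACLs and the permissions of parent directories."""
    st = os.stat(path)
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)

# Constructed sample: 90 arbitrary bytes standing in for a real public key,
# published as three quoted strings like the record above.
SAMPLE_KEY = bytes(range(90))
_b64 = base64.b64encode(SAMPLE_KEY).decode()
SAMPLE_RDATA = f'"v=DKIM1;p={_b64[:50]}" "{_b64[50:100]}" "{_b64[100:]}"'

if __name__ == "__main__":
    print(len(public_key_bytes(SAMPLE_RDATA)), "key bytes after joining the strings")
```

Pass readable_by the uid and group ids of the account the signing software runs as, together with the path of the private key file.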
We really need clearer and more descriptive errors. I had to start with the problem and work backwards from there. Obviously, I am very concerned with the reputation of my domain. I don’t want to end up being listed on a domain blacklist for non-compliance. I am only sorry I waited until this morning to truly tackle the issue. My little personal email server will usually be eyed with some more scrutiny considering 99% of people out there use Big Corporate Email. I want to have my own email server because I don’t feel like giving Big Corporate Email anything more to mine.