Stephen Daniel writes:
What a mess. My domain used to be managed by domains.google.com, which got sold to Squarespace. I looked at my DNS records on Squarespace and I cannot find anything resembling normal DKIM records.
Do you mean Squarespace allows you to manage your own DNS records and you're looking at it in the management interface (in which case they should give you a list of all records). Or are you looking for $SELECTOR._domainkey.XXX.org using a DNS lookup application (in which case they may have rotated keys and changed the selector on you)?
I do see a CNAME record for _domainconnect.domains.squarespace.com, which seems suspicious. I also see a CNAME record for *randomname* with the value *randomstring.* dv.googlehosted.com.
I don't see why that would be suspicious. This kind of configuration can be useful when "the server" is a cloud application.
How any of this ever worked I do not know. I think it is time to move my domain to Cloudflare and set up DKIM from scratch.
Generally that's a good idea if you know what you're doing.
Stephen Daniel writes
550 5.7.9 This mail has been blocked because the sender is unauthenticated. Yahoo requires all senders to authenticate with either SPF or DKIM. Authentication results: DKIM = FAILURE - SPF XXX.org with ip X.Y.Z.W = SUCCESS.
That is quite weird -- it says SPF authentication *succeeded*, which should be sufficient. It's possible it's a Yahoo misconfiguration which will fix itself, as far as SPF is concerned. But you should still find out what's going on with DKIM.
Steve
-- GNU Mailman consultant (installation, migration, customization) Sirius Open Source https://www.siriusopensource.com/ Software systems consulting in Europe, North America, and Japan