Jump to content

DKIM for Outbound Email

Guest David Calder

Recommended Posts

HI David,

Its not something we currently support but I would very much like to add support for it at some point in the future.  This is not likely to be in the next 90 days but its on the list of things to be looked at. 


Link to comment
Share on other sites

  • 3 months later...

@jcorfield @David Calder

We had a look at this today and have planned some development work to happen in the next 90 days for e-mail related stuff including.. (in this priority order)

* DKIM support for outbound DNS routed mail delivery
* A code change for dealing with CRLF normalisations and use of CHUNKED data transmission
* Direct inbound SMTP mail delivery to Hornbill

You will see these additions in release notes as we roll out over the next 90 days. 


Link to comment
Share on other sites

Good afternoon Gerry

Over the past few weeks we have received bounce back emails from 0365 which relate to a Bare Line Feed issue. Victor has posted the following on topic "Bare line feeds (Email Issue)" the following:

Posted Wednesday at 04:18 PM · Report post

Just a quick update on this issue. Our investigation so far reveals the issue to be isolated to emails which are using templates (specifically the CK Editor we are using when designing email templates). All other outbound emails (such as email sent from our mail interface and email sent using default and not edited templates) are not affected. This is not caused by any change we have done recently in Hornbill.

For Office 365 users it occurs because until recently, Office 365 automatically removed bare line feed characters from mail to help it get delivered to recipients using email servers that don’t support chunking and the BDAT command (such as Hornbill).To comply with RFC 2822, Office 365 no longer removes bare line feeds from messages. As a result, messages sent to users from Hornbill may be more likely to be rejected.

For other mail services users (e.g. MS Exchange) the issue could occur due to SMTP connector changes whereby the connector is now configured to reject bare line feeds.

Currently we working to get Hornbill mail in line with RFC 2822 requirements (https://forums.hornbill.com/topic/10012-dkim-for-outbound-email/).


For the time being we suggest the following possible workarounds:

create an inbound transport rule on your mail server to append a disclaimer to the messages from Hornbill. The disclaimer will append the expected CR-LF combination to the message so that it can be delivered. This disclaimer may consist of a single character such as a period or a dash (https://support.microsoft.com/en-us/help/2998901/-smtpsent.barelinefeedsareillegal-ndr-received-by-exchange-online-or-eop-users-in-office-365-dedicated-itar).
avoid the use of email templates which have been edited in the email template editor - CK Editor - (out of the box templates which have not been edited should not have this issue). 


We currently use templates to notify our customers regarding updates, 3 strike rules & general correspondence, which was set up by the Consultants team. Because Hornbill are not yet inline with the RFC 2822 requirements our customers can not receive our emails. Am I right in saying that the templates out of the box (untouched) shouldn't be affected? If so can our templates be reset back to the default and re-created?


FW- Undeliverable- IN00009208 - *Headoffice - Bell Lane- ITIM Service Desk Incident ENT9865 has been logged for Head Office - has been logged..eml

Link to comment
Share on other sites

@Stephen Hutchinson

Thanks for the information, I was aware of this issue and today we added a fix for this. Basically its possible to introduce UNIX style line feeds from our front end web components by copy/paste or template editing etc.  To combat this we have added server-side code to "normalize" email content before we construct the RFC2822 message envelope, this solves the problem.  Microsoft with Office365 are absolutely correct in making this change, our own inbound SMTP handler also has the same lenient approach to handling Bare Linefeeds which we are also going to lock down.  

Anyway, the upshot is that fix will be going  through testing and beta over the next 2-3 days, and subject to there being no issues this fix will be pushed live early next week. 


Link to comment
Share on other sites

  • 3 years later...


I need to check, but I am pretty sure DKIM is not yet implemented for outbound mail, I cannot really remember why that is now, I will need to look back that the history. It made it into our 90-day backlog looking at my comments above but did not make it into the platform as best I can tell. So, no, not at this time I am afraid. 


Link to comment
Share on other sites

  • 5 months later...
  • 4 months later...

Hi All,

Just to close this out, we have now added DKIM support as discussed above.  For each domain you have configured on your instance, you can create an RSA public/private key, which can either be 1024 or 2048 bit key size. Once created and added to your domain in the DNS system, you can verify your public DNS settings. Once verified, then Hornbill will digitally sign your outgoing emails using DKIM.  Setting it up is simple, see the screen below. 

This will be available in the next platform and admin tool updates, probably by the end of this week. 


Screenshot 2021-04-27 at 09.41.07.png

Link to comment
Share on other sites

  • 2 years later...

Afternoon All,

I appreciate that this is an old post, but thought it a good place as any to place a follow up query. As show in the screenshot from @Gerry above, we have enabled DKIM and added the appropriate TXT record to our domain DNS. However, everytime the Verify DKIM button is pressed to verify the record, we receive the same as above:

No matching DKIM TXT entry found

I suspect that I know why. We have added a TXT record with a custom selector, not the one that is default(DKIM). This is because it would not be practical to have the selector be so ambiguous, as we will have multiple DKIM entries for other 3rd Party providers. My question therefore is, how to we change the DKIM Selector value in the admin portal as it does not seem to be editable? I have checked through the settings that it I could find, but nothing?



Link to comment
Share on other sites


It seems that you can set the DKIM selector at the point you create the domain and enable DKIM, but once its set, you cannot edit it.  I am not sure that logic is correct, I expect what was intended was, once you verify the DKIM status it should then prevent you from editing the DKIM selector.  I will ask someone to have a look and verify this to confirm

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...