DKIM Error because of 2 DKIM TXT Records (possibly linked to not delivering emails to hotmail?)

I recently set up MiaB on a fresh and dedicated DigitalOcean droplet by following the guidelines rigorously. Everything hums great.
Because we’re planning newsletters, I added four custom TXT records to validate my domain with Sendinblue (DKIM, SFP, DMARC and one for a sendinblue code).
Then I began testing.

INTRO:
When I sent an email to my hotmail address:

I got an email from Microsoft with the following message:

550 5.7.1 Unfortunately, messages from [my.ip.add.ress] weren't sent.
    Please contact your Internet service provider since part of their network
    is on our block list (S3140). You can also refer your provider to
    http://mail.live.com/mail/troubleshooting.aspx#errors.

I went through the trouble of checking my IP address with Microsoft (SNDS), which said “probably spam or something”, had it reviewed, got it set to “Conditionally mitigated” until my reputation becomes “good” (whatever that means).

In short, now I’m able to send emails to hotmail addresses, but they go to spam.

PART 1 - testing
This got me wondering what the problem may have been. Both mail-tester.com and apps.glockapps.com give me a DKIM error. And glockapps tells me my email goes to spam for both Outlook and Hotmail (whereas most other platforms they test, deliver the mail to inbox).

In short, everything seems ok, except for the DKIM error and the message going to spam for microsoft servers. Are these issues related? Microsoft is probably just shitty, but still, a valid DKIM might probably help to get my emails to Hotmail/Outlook inboxes.

PART 2 - isolating the error (?)
Digging into the DKIM error: https://dkimcore.org/c/keycheck tells me I have 2 TXT records for mail._domainkey.mydomain.com, where I should have only one. Which is true, because I added a DKIM TXT record in the MiaB Custom DNS for Sendinblue to verify my domain.

Further digging made me realize it’s totally fine to have multiple DKIM records, as long as they each have a unique selector. In my case, both use mail._domainkey.mydomain.com.

PART 3 - solution?
I tried changing the DKIM selector for my MiaB by following suggestions I found in a topic here as I’m thinking that Sendinblue wouldn’t change theirs for me… .

To be specific, I did the following:

  • I changed :mail: to :box: in the etc/nsd/zones/mydomain.com.txt file
  • I generated a new key for DKIM by running $ sudo opendkim-genkey --bits=1024 -s box -d mydomain.com in the root@box:/home/user-data/mail/dkim folder

But my MiaB DKIM selector didn’t change from mail to box. As @Alento has pointed out, this would probably not stick after an update anyway.

I realize I’m kind of broaching multiple topics here, and I may have jumped to conclusions along my line of thought - apologies for that, I’m on a steep learning curve here.

Any idea/suggestion/pointers would be much appreciated!

Thanks!

I’m sorry to have urged you to create a new topic and then go awol for 2 days. :frowning:

After looking at Sendinblue documentation, I think that I’d start with the easy approach … ask Sendinblue if they have the ability to use an alternate selector. Explain that your hosting uses the selector mail already and it is not possible to have 2 DKIM records with the same selector … maybe they have encountered this already, and have a simple solution, as the Direct Admin control panel uses the selector mail.

No, the two issues are unrelated. M$ probably blocked the IP address you are on in the past due to a complaint … so they ‘conditionally’ mitigated your IP which allows you to reach the spam box. How nice of them - but I suppose it is something. :frowning:

When you send a email to gmail address, check orginal source, and is SPF show up as successful? I ask because I use sendinblue, and comes up as softpass all the time. No idea why

I get a pass for SPF (Received-SPF: pass) for emails sent from Sendinblue (from the domain I manage with MiaB) to Gmail.

There are various tools that can point you in the right direction:
mxtoolbox.com for instance

It took a long while, and a lot of back and forth, but Sendinblue eventually changed their DKIM selector for me. My email headers are nice and clean, getting a 10/10 score on mail-tester.com.

The delivery to Hotmail and Outlook is still an issue though, as my status went back from Conditionally Mitigated to “Probably spam”. I’m guessing this is because my IP is somehow listed on an obscure blacklist that I didn’t catch when creating a DO droplet for my MiaB.