Why is my DKIM or SPF authentication partially invalid or failing?

It’s not uncommon for DKIM or SPF records to be partially invalid. This can stem from a number of issues:

  • occasionally, DNS glitches (receiver-side or sender-side) can lead to temporary authentication errors at specific ISPs
  • invalid DKIM key or SPF record
  • inadequate DKIM bit strength
  • DKIM hash mismatch, sometimes caused by a forwarded message
  • too many DNS lookups in SPF record
  • new sending IP is provisioned but not included in an updated SPF record

When any of these issues are the case, we make sure to point out the specific ISPs that are having issues so you can better diagnose the problem.



BriteVerify email verification ensures that an email address actually exists in real-time


The #1 global data quality tool used by thousands of Salesforce admins


Insights and deliverability guidance from the only all-in-one email marketing solution

GridBuddy Cloud

Transform how you interact with your data through the versatility of grids.

Return Path

World-class deliverability applications to optimize email marketing programs

Trust Assessments

A revolutionary new solution for assessing Salesforce data quality


Validity for Email

Increase inbox placement and maximize subscriber reach with clean and actionable data

Validity for Data Management

Simplify data management with solutions that improve data quality and increase CRM adoption

Validity for Sales Productivity

Give your sales team back hours per day with tools designed to increase productivity and mitigate pipeline risks in real-time