DKIM and WordPress: The Hidden Problem That Can Make Microsoft Reject Your Emails

Since May 2025, Microsoft has tightened the rules for accepting emails on its domains (Outlook, Hotmail, Office 365). It now requires high-volume senders to comply with strict authentication standards such as SPF, DKIM, and DMARC. But even when these requirements are met, many WordPress administrators are discovering that their emails still fail DKIM validation—especially when using WooCommerce and SMTP plugins like WP Mail SMTP. In this article, we explain why this happens and how to fix it.

If you’re seeing messages like this in your SMTP logs… Don’t panic!

host hotmail-com.olc.protection.outlook.com[52.101.9.13] said: 550 5.7.515 Access denied, sending domain PECADOOORR.COM doesn’t meet the required authentication level. The sender’s domain in the 5322.From address doesn’t meet the authentication requirements defined for the sender. To learn how to fix this see: https://go.microsoft.com/fwlink/p/?linkid=2319303 Spf= Pass , Dkim= Fail , DMARC= Pass

What is DKIM?

DKIM (DomainKeys Identified Mail) is an authentication method that allows the recipient of an email to verify that the message truly came from the sending domain and was not altered in transit. This is achieved through a cryptographic signature generated by the sending server and a public key published in the domain’s DNS.

Key elements of DKIM:

  • Selector: identifies the specific key used.
  • Public key: published in the domain’s DNS.
  • DKIM signature: added to the email header.
  • Signed fields: parts of the message included in the signature.
  • Body hash (bh=): ensures the integrity of the email content.

The Problem with WordPress + WooCommerce + WP Mail SMTP

In practice, many WordPress users who run WooCommerce and send emails via WP Mail SMTP find that Microsoft rejects their emails—even when SPF, DKIM, and DMARC are correctly configured. The issue lies in the MIME structure of the message, not the signature itself.

Detected issue:

The message is not properly formatted as multipart/alternative, which causes the body hash to mismatch and DKIM to fail.
Microsoft is particularly strict about verifying that the MIME body exactly matches what was signed.

This issue has already been documented in the Stalwart repository (https://github.com/stalwartlabs/stalwart/issues/437), where it was found that certain plugins fail to generate properly formatted multi-part email bodies.

Solution: Change the SMTP Plugin

By using a different SMTP plugin that correctly formats messages as multipart/alternative, the problem goes away and DKIM validation succeeds.

Recommended plugins:

  • Post SMTP Mailer/Email Log: offers granular control over headers and message body.
  • FluentSMTP: modern, lightweight, and with good MIME compatibility.

Problematic plugin:

  • WP Mail SMTP (free version): in some versions, it generates HTML content without proper MIME encapsulation, which breaks DKIM.

Best Practices to Avoid DKIM Issues in WordPress

  • Use an SMTP provider that signs emails with DKIM (e.g., Mailgun, SES, SendGrid, Meytel).
  • Verify that SPF, DKIM, and DMARC records are correctly published.
  • Don’t dynamically change the “From” field unless the domain matches the signed one.
  • Make sure email content is properly generated as multipart.
  • Use tools like Mail Tester or DKIM Validator to check your configuration.

Conclusion

This problem is a clear example of how a seemingly correct configuration can fail due to a subtle detail. If you’re sending emails from WordPress with WooCommerce and using SMTP plugins, ensure your messages are correctly formatted as MIME multipart/alternative. Only then will Microsoft (and other strict providers) accept your emails without unjust rejections.

Additional Resources:

Suscríbete a nuestra newsletter

No enviamos spam!

Puedes leer el artículo completo en esta web

Copyright (c) 2022 · Meytel it´s simple