DKIM and MailScanner Watermarking

Chris Chapman chapman at
Sat Feb 21 17:40:49 GMT 2015

MailScanner - v4.84.5

I have been running into an issue regarding DKIM with MailScanner and wanted to see if anyone had some input.

Out of the blue, Yahoo started rejecting messages from our servers with the error "554 Message not allowed - [299]”.  While the messages were certainly not spammy, I noticed in their documentation the line "For example, it is against Yahoo Mail's policy to accept messages with malicious content or manipulated header information…”

This led me to wonder about Watermarking, as the feature adds a few header lines to messages. I found if I disable watermarking in MS, messages deliver as expected. Re-enable Watermarking, I get bounces.

In the process of tracking down the cause, I ran a DKIM test, found at

With Watermarking enabled, the DKIM tests fail with the error “Wrong body hash”.  Disable watermarking, the DKIM tests pass.  It seems to me the watermarks are added *after* the DKIM body hash is generated, invalidating DKIM. I believe this is the reason Yahoo is bouncing mail.  But even if I disable DKIM, messages will continue to bounce if the watermark headers are present. So the DKIM may or may not have anything to do with it. 

I have verified the Watermark Header, %org-name% and %org-long-name% do not contain special characters, dots, underscores or spaces and the like.

Does anyone have any experience/input?


Chris Chapman

More information about the MailScanner mailing list