DKIM and MailScanner Watermarking

Scott B. Anderson sbanderson at
Mon Feb 23 14:32:35 GMT 2015

> -----Original Message-----
> From: mailscanner-bounces at [mailto:mailscanner-
> bounces at] On Behalf Of Chris Chapman
> Sent: Saturday, February 21, 2015 11:41 AM
> To: mailscanner at
> Subject: DKIM and MailScanner Watermarking
> MailScanner - v4.84.5
> I have been running into an issue regarding DKIM with MailScanner and wanted
> to see if anyone had some input.
> Out of the blue, Yahoo started rejecting messages from our servers with the
> error "554 Message not allowed - [299]”.  While the messages were certainly not
> spammy, I noticed in their documentation the line "For example, it is against
> Yahoo Mail's policy to accept messages with malicious content or manipulated
> header information…”
> This led me to wonder about Watermarking, as the feature adds a few header
> lines to messages. I found if I disable watermarking in MS, messages deliver as
> expected. Re-enable Watermarking, I get bounces.
> In the process of tracking down the cause, I ran a DKIM test, found at
> With Watermarking enabled, the DKIM tests fail with the error “Wrong body
> hash”.  Disable watermarking, the DKIM tests pass.  It seems to me the
> watermarks are added *after* the DKIM body hash is generated, invalidating
> DKIM. I believe this is the reason Yahoo is bouncing mail.  But even if I disable
> DKIM, messages will continue to bounce if the watermark headers are present.
> So the DKIM may or may not have anything to do with it.
> I have verified the Watermark Header, %org-name% and %org-long-name% do
> not contain special characters, dots, underscores or spaces and the like.
> Does anyone have any experience/input?
> Thanks!
> Chris Chapman

I also have run into this issue.  It started late last year with Yahoo rejecting replies and forwards but not original messages.
I do not use DKIM at my site.  I set :

Multiple Headers = append
Place New Headers At Top Of Message = yes

This seemed to make Yahoo stop rejecting replies and forwards, FWIW.   Not sure what else this might break in your configuration.

I am not certain why this helped, it would seem contrary to the help text around these options.

Also, it would appear you could make this a ruleset, so you could set to append and everything else to add, as the help text suggests.

Scott Anderson


Rely On Us.
ImproMed LLC

More information about the MailScanner mailing list