Body Hash Did Not Verify

Hi there,
We have set up all the necessary settings for DMARC, SPF and DKIM.
Everything looks fine but if we analyze the header we still get the message “Bodz Hash not verified” anyone has any idea why this happens?
We have this issue on Google Mails, MS O365 mails and even on Plesk sent emails.
Thanks for any hint

Hi Gunther and welcome to the forums

The reason for this error can be numerous, but it boils down to the hash of the email body recorded in the DKIM signature not matching the hash calculated upon receipt. It is difficult to advise without knowing a lot more about your email infrastructure and the path the email takes. That being said, in my experience it boils down to 2 main issues most of the time.

Incorrect public key record published in DNS
DKIM works with a key pair. The private key used by the sending email server, and the public key used by the receiving server to perform the signature check. If the public key record is for a different private key than the one used, the hash check will fail with the error mentioned.

Changes during transit
This is the most common but also the most broad. This could be due to changes made by intermediate mail servers, such as adding a footer, modifying whitespace, or altering line breaks in the email body. This is common if the server doing the signing is upstream in the email path prior to hitting your external gateway.

I wish you success in finding your issue!

1 Like

Hi Asher,
The DKIM check shows that everything on our side is OK an correct. I strongly assume that the second point is our issue. I already investigated on that but couldn’t find any abnormality in our “standard” email delivery based on a Gmail account (Receiving and sending from a Google account).
Anyway looking forward to may find once a solution or explanation.
Thank you very much for your feedback.