Google server 69 failing DKIM

I feel like I’m always consistently seeing a Google IP that ends in “69” that fails DKIM with the same selector as all of the other IPs that are fine. Often, that same server is also listed as having passed DKIM too.

Maybe I’m just trying to get too granular, but I’d love to at least know why this happens and more importantly, is there something I’m supposed to be doing to fix this.

I see this across many different clients all of whom have their primary email and MX on Google Mail. I suppose the 69 thing may just be Bill&Ted stuck in my head like the number 22… but it does feel real and might be an extra clue to someone, particularly if they reserve that server for something like autoreplies or bounces or something that might be causing this to happen.

Hi Cheyenne,

Our tools can help solidify any trend or pattern that you see. For instance, If you are looking as Google as a source, you can expend our filters using the “advanced filters” drop down and specify Google as the sending source. Further more, you can specify the DKIM raw verdict of fail, expend the time period of the search to the entire month of February. You will find that doing so returns result overwhelmingly sent from the IP you singled out.

If you can get your hands on an actual sample, I would follow up with Google with this search result and sample after confirming that all of your NS are properly configured into answering the DNS query with the correct DKIM record.

I hope this helps!

1 Like

Very helpful as always Asher. Thank You.

I dug way too far into this and what I think is happening is that Google chooses to report the IP 209.85.220.69 as the source IP address in the DMARC XML reports… though when I find the actual headers it is a different IP address like 209.85.220.41.

So this is less about what actually happened and more about how Google chooses to report… and why I think I keep seeing a disproportionately sized amount of forwarded gmail from this 69 IP address.