Shopify/SendGrid DKIM Fail 'temperror'

Hi all

I am having a terrible time trying to figure out what could possibly be causing this particular scenario where my Domain Report says Shopify Inc has 50% DKIM alignment (1 of 2 emails).

When I look at the raw XML, both emails have source_ip that belong to SendGrid (Shopify uses SendGrid API).

Note that I have confirmed with Shopify that all of my DMARC records are correctly configured in DNS and they have validated them with their tooling.

Would anyone have any ideas, or like to speculate, what might be happening here? I don’t understand why some SendGrid IPs pass and others fail.

Thanks in advance

I had a similar issue with SendGrid and Stamped.IO. Both were trying to use the same CNAME entry. Found an article on how to set custom CNAME selectors for SendGrid, leaving the default selectors for Stamped.IO. Both have been at or near 100% alignment after this change.

1 Like

Isn’t the answer simply: one of the two mails were processes by the receiver with a failing DNS response for the DKIM record, see the “tempfail” in the raw xml.

BTW: By expanding the “+ *” you should see two records and get a readable form of the differences of the two mails (“Unique IP Count=2” shows that they were sent via two different servers}.

1 Like

Thanks KJessel

I might not have been clear but Shopify seems to use SendGrid API for mail but I have no control of that beyond my SPF, DKIM & DMARC records.

Unlike an account with SendGrid where I’m sure you can be very particular with the settings, like the selector.

Thank you, ronvdburg. Good tips.

I’m not sure what this tells me other than what you said (it failed to get a DNS response from GoDaddy?)

Sendgrid allows you to configure custom selectors. If Spotify is like Stamped.IO, you must use the default SendGrid selectors, which causes the conflict. Change the SendGrid selectors to custom, and the conflict is resolved.

Thanks KJessel but I don’t even have a SendGrid account. Shopify uses the SendGrid API to send mail but there’s nowhere in the Shopify platform to “customise” the selectors for the SendGrid implementation. Oh well.

Hopefully it’s something else causing it because if it’s what you’re saying it might be then there’s no solution from what I can tell.

Thanks anyway

Sorry for not responding earlier.
You have a good point with “I’m not sure what this tells me other than what you said (it failed to get a DNS response from GoDaddy?)”.
Indeed it doesn’t tell you a great amount, but you see that server o37 (actually was correctly processing both SPF and DKIM; but it was server o39 having the “temperror”.
The “temperror” tells you that it is not a structural/persistent error.
So, you could regard it as a one-time glitch.
On the other hand, if it bothers you, or you ‘just want to understand’, or if this glitch is intermittent, then you could check other reports whether the temperror only happens with server o39, or with others also.
Just thinking out-of-the-box, it could also be explained by a change in the DKIM DNS record at the time of processing in o39.

1 Like

Hmm, that I find difficult to believe. If the selector was the issue, then I would expect that mail from all shopify servers would fail. Not only but also for o37.

1 Like

Excellent, and thank you. I tend to agree with it being a one-off but I have seen it with other servers too. I’ll keep monitoring, maybe the issue will subside on its own.