After setting up a verified domain under the JIRA Organization (verified all SPF and DKIM settings are correct). We changed the JIRA project to send as our company domain. However, emails coming out of JIRA fail DMARC authentication due to bad DKIM authentication by Atlassian. The DKIM is verified against the atlassian domain and not our company domain. So the DKIM is not aligned and DMARC fails the message so it ends up in Spam or totally rejected.
Headers from email show DKIM is checked against d=atlassian.net and d=sendgrid.info, but nothing about d=mycompanydomain:
dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=QUARANTINE) header.from=mycompanydomain.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=atlassian.net; h=from:to:in-reply-to:references:subject:mime-version:content-type; s=s1; bh=4uWfLAkrLO3ENH35Y0WCPV8TY1I=; b=uYVXlxSnslXMbVQWA1Z732k 2ihnhYFrCfVJJLq+v4Ed90xoWVAjuavFm4GFKNvb1WzIMb71rDlKRB4y8sOAC2hi 9Zy2KM5MdsHKTStUoF1C1MmcbqtBFA2fX17ocCZrkfkVPFEUKK7/F41YvX6SKcso wqDnsnAtVfKK1R06LIPg= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=sendgrid.info; h=from:to:in-reply-to:references:subject:mime-version:content-type:x-feedback-id; s=smtpapi; bh=4uWfLAkrLO3ENH35Y0WCPV8TY1I=; b=GbFkHl8qMdSX4JAy8v y5lyr8bvUVuZvy/l38TZhVtsDdBLxJWH6BL14J3o/pVNkHIrPNxFuSI4jCXmZp8J sOYXltDFIlrcvGgRmasL9RWCqroRdWbRAO1SY9pwwo/8NC/JZazq8QZR1xR9rXUq QYDYKLxHy6I7MZC6elcIm/rPU= R
seems like there is a known issue regarding this https://jira.atlassian.com/browse/JRACLOUD-40169
but for us if this keeps failing then we can't deploy the solution. Has anyone been able to work with Atlassian support to get DKIM to authenticate properly and ultimately pass DMARC.
This is still an issue for us as well. We have tried setting up multiple domains and verifying them and all of them fail the DMARC and end up in Junk/Spam for our customers. This issue alone will cause us to switch to zendesk. Customers think we are not responding to help desk tickets since they are in their Junk.
This is odd - we are getting the "Be careful with this message" warning on Gmail in our organization. The message headers show that DKIM, SPF and DMARC all pass but are not sure why it is still showing the error to our users?
Anyone else found the fix or the exact issue on this?
Hi, we had the exact same problem and as far as I could see the DKIM validation is done towards the atlassian.net domain and not your company domain used as sender address. we ended up with not using Jira Service Desk much because of this. :(
We are now using Salesforce where we created our own DKIM by a few clicks. This was then added in our company server (DNS) and outbound emails are therefore DKIM validated towards my company domain. No warnings are shown in gmail anymore.
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events