2 - dkim check
DKIM (DomainKeys Identified Mail) allows senders to prove that the email was actually sent by them and has not been modified after being sent.
It achieves this by affixing a digital signature (seal), linked to a domain name, to each outgoing email message.
Only if the message has NOT been signed correctly:
the !! (attention) symbol is added to the subject,
one of the following explanatory notes is inserted in the message header, line “X-RealSender”:
:: dkim-none :: no DKIM-Signature headers (valid or invalid) were found
:: dkim-fail :: a valid DKIM-Signature header was found, but the signature does not contain a correct value for the message
Sometimes it’s not possible to execute the check:
:: dkim-invalid :: there is a problem in the signature itself or the public key record. I.e. the signature could not be processed
:: dkim-temperror :: some error was found which is likely transient in nature, such as a temporary inability to retrieve a public key
When the message has been signed using a different domain, a “diff” notice is added:
This warning will NOT appear if the sender passes the SPF check:
:: dkim-diff :: the message has NOT been signed by the sender's domain