Can email forwarding break DKIM?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
Yes, but it depends entirely on what the forwarder does to the message.
DKIM works by creating a cryptographic signature over a set of headers and the message body. As long as those signed parts stay unchanged, the signature holds up anywhere, including after forwarding. That's actually DKIM's biggest advantage over SPF. Your email can pass through intermediate servers and the DKIM signature travels with it, still valid at the end.
Simple alias forwarding, where the email is passed along without modification, usually keeps DKIM intact. So if your colleague's inbox auto-forwards to their personal Gmail, DKIM typically survives that hop.
Mailing lists and some forwarding setups are a different story. They often modify the message. A mailing list might add a subject tag like "[Marketing-List]", append an unsubscribe footer to the body, or rewrite headers. Any change to a signed field invalidates the hash. DKIM fails.
The pattern is consistent in practice: plain alias forwarding leaves DKIM alone, list software usually breaks it. For cases where DKIM does break, ARC can help. It records the authentication state before the modification happened, giving the final receiver evidence of what the original email looked like before it was touched.
You can verify your DKIM setup is correct with our free DKIM record lookup. If the key is missing or misconfigured, forwarding will be the least of your problems.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.