diff --git a/app/config.py b/app/config.py
index a7a7073f..b3d132f6 100644
--- a/app/config.py
+++ b/app/config.py
@@ -157,7 +157,6 @@ DISABLE_ALIAS_SUFFIX = "DISABLE_ALIAS_SUFFIX" in os.environ
 UNSUBSCRIBER = os.environ.get("UNSUBSCRIBER")
 
 DKIM_SELECTOR = b"dkim"
-DKIM_HEADERS = [b"from", b"to"]
 DKIM_PRIVATE_KEY = None
 
 if "DKIM_PRIVATE_KEY_PATH" in os.environ:
diff --git a/app/email_utils.py b/app/email_utils.py
index d0fd4073..c6a5659a 100644
--- a/app/email_utils.py
+++ b/app/email_utils.py
@@ -31,7 +31,6 @@ from app.config import (
     NOT_SEND_EMAIL,
     DKIM_SELECTOR,
     DKIM_PRIVATE_KEY,
-    DKIM_HEADERS,
     ALIAS_DOMAINS,
     SUPPORT_NAME,
     POSTFIX_SUBMISSION_TLS,
@@ -391,7 +390,31 @@ def get_email_domain_part(address):
     return address[address.find("@") + 1 :]
 
 
+# headers used to DKIM sign in order of preference
+_DKIM_HEADERS = [
+    [b"Message-ID", b"Date", b"subject", b"from", b"to"],
+    [b"from", b"to"],
+    [b"Message-ID", b"Date"],
+    [b"from"],
+]
+
+
 def add_dkim_signature(msg: Message, email_domain: str):
+    for dkim_headers in _DKIM_HEADERS:
+        try:
+            add_dkim_signature_with_header(msg, email_domain, dkim_headers)
+            return
+        except dkim.DKIMException:
+            LOG.w("DKIM fail with %s", dkim_headers)
+            # try with another headers
+            continue
+
+    raise Exception("Cannot create DKIM signature")
+
+
+def add_dkim_signature_with_header(
+    msg: Message, email_domain: str, dkim_headers: [bytes]
+):
     delete_header(msg, "DKIM-Signature")
 
     # Specify headers in "byte" form
@@ -402,7 +425,7 @@ def add_dkim_signature(msg: Message, email_domain: str):
             DKIM_SELECTOR,
             email_domain.encode(),
             DKIM_PRIVATE_KEY.encode(),
-            include_headers=DKIM_HEADERS,
+            include_headers=dkim_headers,
         )
         sig = sig.decode()
 
diff --git a/email_handler.py b/email_handler.py
index fa4bd926..b6aa5dde 100644
--- a/email_handler.py
+++ b/email_handler.py
@@ -577,7 +577,7 @@ def handle_forward(envelope, msg: Message, rcpt_to: str) -> List[Tuple[bool, str
     if user.ignore_loop_email:
         mail_from = envelope.mail_from
         for mb in alias.mailboxes:
-            # email send from a mailbox to its alias
+            # email sent from a mailbox to its alias
             if mb.email == mail_from:
                 LOG.w("cycle email sent from %s to %s", mb, alias)
                 handle_email_sent_to_ourself(alias, mb, msg, user)