diff --git a/derek.yml b/derek.yml
index dd5e9a4..3be02f7 100644
--- a/derek.yml
+++ b/derek.yml
@@ -3,24 +3,23 @@ provider:
   gateway: http://127.0.0.1:8080
 
 functions:
-  derek-0913:
+  derek-0110:
     handler: ./
-    image: alexellis/derek:0.9.13
+    image: ghcr.io/alexellis/derek:0.11.0
     lang: dockerfile
     environment:
       debug: true
       customers_url: https://raw.githubusercontent.com/alexellis/derek/master/.CUSTOMERS
       validate_hmac: true
-      validate_customers: false
+      validate_customers: true
       secret_path: /var/openfaas/secrets/ # use /run/secrets/ for older OpenFaaS versions
       write_debug: true
-      read_timeout: 10s
-      write_timeout: 10s
-      combine_output: false
+      read_timeout: 15s
+      write_timeout: 15s
+      combine_output: true
     environment_file:
       - secrets.yml
       # See secrets.example.yml
     secrets:
       - derek-secret-key
       - derek-private-key
-
diff --git a/handler/comment_handler_test.go b/handler/comment_handler_test.go
index 8c8707e..4eb5f35 100644
--- a/handler/comment_handler_test.go
+++ b/handler/comment_handler_test.go
@@ -4,6 +4,7 @@
 package handler
 
 import (
+	"log"
 	"os"
 	"strings"
 	"testing"
@@ -12,6 +13,10 @@ import (
 	"github.com/google/go-github/github"
 )
 
+func Test_fixCommitsMessage(t *testing.T) {
+	log.Println(fixCommits)
+}
+
 func Test_getCommandTrigger(t *testing.T) {
 
 	triggers := getCommandTriggers()
diff --git a/handler/pullrequest_handler.go b/handler/pullrequest_handler.go
index c132850..c5ea43f 100644
--- a/handler/pullrequest_handler.go
+++ b/handler/pullrequest_handler.go
@@ -187,13 +187,39 @@ func VerifyPullRequestDescription(req types.PullRequestOuter, contributingURL st
 	}
 }
 
+const fixCommits = `### :bulb: Shall we fix this?
+
+This will only take a few moments.
+
+First, clone your fork and checkout this branch using the git CLI.
+
+Next, set up your real name and email address:
+
+` + "`" + `git config --global user.name "Your Full Name"` + "`" + `
+` + "`" + `git config --global user.email "you@domain.com"` + "`" + `
+
+Finally, run one of these commands to add the "Signed-off-by" line to your commits.
+
+If you only have one commit so far then run: ` + "`" + `git commit --amend --signoff` + "`" + ` and then ` + "`" + `git push --force` + "`." + `
+If you have multiple commits, watch [this video](https://www.youtube.com/watch?v=8j0H6urZ-bU).
+
+Check that the message has been added properly by running "git log".
+`
+
 func anonymousCommitComment(contributingURL string) string {
-	return `Thank you for your contribution. It seems that one or more of your commits have an anonymous email address. Please consider signing your commits with a valid email address. Please see our [contributing guide](` + contributingURL + `).`
+	return `Thank you for your contribution. It seems that one or more of your commits have a "Signed-off-by" statement with an anonymous email address. The [Developer Certificate of Origin (DCO)](https://en.wikipedia.org/wiki/Developer_Certificate_of_Origin) requires all commits to be signed off by genuine, contactable individuals. Please see our [contributing guide](` + contributingURL + `).
+
+	` + fixCommits
 }
 
 func unsignedCommitComment(contributingURL string) string {
-	return `Thank you for your contribution. I've just checked and your commit doesn't appear to be signed-off. That's something we need before your Pull Request can be merged. Please see our [contributing guide](` + contributingURL + `).
-Tip: if you only have one commit so far then run: ` + "`" + `git commit --amend --signoff` + "`" + ` and then ` + "`" + `git push --force` + "`."
+
+	return `Thank you for your contribution. unfortunately, one or more of your commits are missing the required "Signed-off-by:" statement. Signing off is part of the [Developer Certificate of Origin (DCO)](https://en.wikipedia.org/wiki/Developer_Certificate_of_Origin) which is used by this project.
+
+Read the DCO and [project contributing guide](` + contributingURL + `) carefully, and amend your commits using the git CLI. Note that this does not require any cryptography, keys or special steps to be taken.
+
+` + fixCommits
+
 }
 
 func emptyDescriptionComment(contributingURL string) string {
@@ -442,6 +468,7 @@ func updateUnsuccessfulDCOCheck(checks *github.ListCheckRunsResults) github.Upda
 	now := github.Timestamp{time.Now()}
 	text := `Thank you for your contribution. I've just checked and your commit doesn't appear to be signed-off.
 	That's something we need before your Pull Request can be merged.`
+
 	title := "Unsigned commits"
 	summary := "One or more of the commits in this Pull Request are not signed-off."
 
diff --git a/secrets.example.yml b/secrets.example.yml
index c420e75..15a1384 100644
--- a/secrets.example.yml
+++ b/secrets.example.yml
@@ -1,3 +1,2 @@
 environment:
-  secret_key: com.openfaas.www
   application_id: 1234