Tldr: We take an email and verify the DKIM-Signature step by step using Python. We also take care of the signing itself (RSA). The RSA part takes up more space than originally planned.

I recently had an issue with my DKIM signatures. I just got a 'Signature wrong' message and couldn't find out what the problem was.

If your mail server supports DKIM (DomainKeys Identified Mail), it signs the email headers and body with a known key. So you can be sure that the message was not modified.

High level perspective - How does it work?

1. The email goes to the mail server Alice has configured in her mail client.
2. The mail server does the DKIM magic: It signs the email of Alice (e.g. with RSA) and adds a DKIM-Signature header to the email.
3. The mail server forwards the message to Bob's mail server.
4. Bob's mail server verifies the DKIM-Signature. To do so, it needs the public key of Alice, which is stored in a DNS record.

If you are using Thunderbird you can install DKIM Verifier to see if the DKIM signature is valid.

You can use DMARC to specify what a mail server should do if a DKIM signature is wrong.

This is what a DKIM-Signature looks like:

key=value

The values are explained in RFC6376:

- Algorithms used for hashing (sha256) and signing (RSA)
- There is only version 1 right now as far as I know
- Message canonicalization (how is the message prepared before signing?)
- Domain for the DNS lookup to get the public key
- Specified in RFC6376 Section 3.4
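The hashing and canonicalization steps listed above can be checked without touching RSA, which helps narrow down a 'Signature wrong' result. The following is an added example, not code from the original post: it splits a DKIM-Signature value into its tags and recomputes the body hash. The tag names (`v`, `a`, `c`, `d`, `s`, `bh`, `b`) come from RFC 6376; the sample header, the domain `example.org` and the selector `sel` are constructed, and only `rsa-sha256` is handled.

```python
import base64
import hashlib
import re

def parse_tags(header_value: str) -> dict:
    """Split a DKIM-Signature value into tag=value pairs (RFC 6376, section 3.2)."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            # Simplification: drop all folding whitespace inside the value.
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def canon_body(body: bytes, mode: str) -> bytes:
    """Body canonicalization, RFC 6376 sections 3.4.3 (simple) and 3.4.4 (relaxed)."""
    if mode == "relaxed":
        body = re.sub(rb"[ \t]+(\r\n|\Z)", rb"\1", body)  # whitespace at line ends
        body = re.sub(rb"[ \t]+", b" ", body)             # runs become one space
    while body.endswith(b"\r\n"):                          # empty lines at the end
        body = body[:-2]
    # simple turns an empty body into CRLF; relaxed leaves it empty.
    return body + b"\r\n" if body or mode == "simple" else b""

def body_hash(body: bytes, tags: dict) -> str:
    """Recompute the value the signer stored in bh=."""
    if tags.get("a") != "rsa-sha256":
        raise ValueError("only rsa-sha256 is handled in this sketch")
    # c= is header/body; a missing part means simple.
    modes = tags.get("c", "simple/simple").split("/")
    mode = modes[1] if len(modes) > 1 else "simple"
    digest = hashlib.sha256(canon_body(body, mode)).digest()
    return base64.b64encode(digest).decode()

def body_matches(header_value: str, body: bytes) -> bool:
    tags = parse_tags(header_value)
    return body_hash(body, tags) == tags.get("bh")

# Constructed sample: an empty body signed with relaxed body canonicalization.
SAMPLE = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=sel;\r\n"
          "\tbh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=; b=(omitted)")

if __name__ == "__main__":
    print(parse_tags(SAMPLE)["d"], body_matches(SAMPLE, b"\r\n\r\n"))
```

If the body hash already differs, the message body was changed in transit or canonicalized differently, and the RSA check over the headers cannot succeed either.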