DKIM Syntax
The syntax of DKIM is defined by RFC 6376, which specifies the format and rules for the DKIM-Signature header field, the public key DNS record, and the signing and verification algorithms.
The DKIM-Signature header field consists of a series of tag-value pairs, separated by semicolons, that provide information about the DKIM signature. The tags are case-insensitive and have the following meanings:
| Tag | Description |
|---|---|
| v | The version of DKIM. The current version is 1. |
| a | The algorithm used to generate the hash and the signature. The supported algorithms are rsa-sha1 and rsa-sha256. |
| b | The signature data, encoded in base64. |
| bh | The hash of the email content, encoded in base64. |
| c | The canonicalization algorithm used to normalize the email headers and body before hashing. The supported algorithms are simple and relaxed. |
| d | The domain of the signing entity. |
| h | The list of header fields that are included in the signature, separated by colons. |
| i | The identity of the signing agent, which can be a subdomain or a user within the signing domain. |
| l | The length of the email body that is signed, in bytes. If omitted, the whole body is signed. |
| q | The query method used to retrieve the public key. The supported method is dns/txt, which means the public key is stored in a TXT record in the DNS. |
| s | The selector that identifies the public key to use for verification. |
| t | The timestamp of when the signature was created, in seconds since 00:00:00 on January 1, 1970 UTC. |
| x | The expiration time of the signature, in seconds since 00:00:00 on January 1, 1970 UTC. If omitted, the signature does not expire. |
| z | The original header fields that were signed, encoded in base64. This tag is optional and only used for debugging purposes. |
An example of a public key DNS record is:
Selector:
dkimkey._domainkey.example.com.Value:
"v=DKIM1; h=sha256; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCfjgu4wJ4hm7T3cjhYfyX3WfZwLGNqJtU2Ol1i8sT1o3F1FbZI4P7FqQW7MkMfsHnY6f7loG+RwkZsKdowq+8Gg9G2xRF1YJynBKLpdX4eR4Q2m5F3LjMfQSSMmN1CRrSeyRGNVQqjxweG5lJfR0GZsT7hnrccllH+oL1HhQIDAQ"Related Topics
- What is DKIM? - An introduction to DKIM and its role in email authentication
- How Does DKIM Work? - Technical details about DKIM implementation and operation
- Why is DKIM Important? - Benefits and significance of implementing DKIM
- Limitations of DKIM - Current constraints and challenges