What is a DKIM signature?

A DKIM signature is added to the header of an email message in the form of a DKIM-Signature field. Here is an example of what a DKIM-Signature field might look like:

DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=mail; c=relaxed/simple; q=dns/txt; i=@example.com; h=from:to:subject:date:message-id; bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=; b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav+yuU4zGeeruD00lszZVoG4ZHRNiYzR

The DKIM-Signature field consists of a series of key-value pairs, separated by semicolons, that provide information about the message, the domain of the sender, and where to find the public key that will be used to verify the signature.

The exact set of parameters in the DKIM-Signature field will vary depending on the specific implementation of DKIM. However, in general, the field will include the following parameters:

  • v: The version of DKIM being used.
  • a: The cryptographic algorithm that was used to create the signature.
  • d: The domain of the sender.
  • s: The selector for the public key that will be used to verify the signature.
  • c: The canonicalization algorithms used to prepare the message header and body for signing.
  • q: The method used to retrieve the public key.
  • i: The message sender's identity (usually an email address).
  • h: A list of header fields that are included in the signature.
  • bh: The base64-encoded hash of the canonicalized message body.
  • b: The base64-encoded version of the digital signature.

Including this information in the DKIM-Signature field allows the recipient's email server to verify the message's authenticity and ensure that it has not been tampered with during transit.
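
The parameters listed above can be split out and sanity-checked before any cryptographic verification is attempted. The following Python code is an added example, not part of the original page: the function names are hypothetical, the sample is the signature shown above with constructed line folding, and the required-tag list, the defaults and the `selector._domainkey.domain` lookup name follow RFC 6376 rather than this page.

```python
import re

REQUIRED = ("v", "a", "b", "bh", "d", "h", "s")  # mandatory tags per RFC 6376

# Constructed sample: the DKIM-Signature value shown above, folded as on the wire.
SAMPLE = (
    "v=1; a=rsa-sha256; d=example.com; s=mail; c=relaxed/simple; q=dns/txt;\r\n"
    "\ti=@example.com; h=from:to:subject:date:message-id;\r\n"
    "\tbh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;\r\n"
    "\tb=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav+yuU4zGeeruD00lszZVoG4ZHRNiYzR"
)

def parse_dkim_signature(value):
    """Split a DKIM-Signature header value into a tag dict; reject duplicates."""
    tags = {}
    for part in value.split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        name, sep, val = part.partition("=")
        name = name.strip()
        if not sep or not name:
            raise ValueError(f"malformed tag: {part!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        # Folding whitespace is insignificant inside b=/bh=; trim it elsewhere.
        tags[name] = re.sub(r"\s+", "", val) if name in ("b", "bh") else val.strip()
    return tags

def check_signature(tags):
    """Return (key_record_name, problems) for a parsed signature."""
    problems = [f"missing required tag {t}=" for t in REQUIRED if t not in tags]
    if problems:
        return None, problems
    if tags["v"] != "1":
        problems.append("unsupported version")
    signed = [h.strip().lower() for h in tags["h"].split(":")]
    if "from" not in signed:
        problems.append("From header is not covered by the signature")
    d = tags["d"].lower()
    # i= defaults to "@" + d and must be the signing domain or a subdomain of it.
    i_domain = tags.get("i", "@" + d).rpartition("@")[2].lower()
    if i_domain != d and not i_domain.endswith("." + d):
        problems.append("i= domain is outside d=")
    header_c, _, body_c = tags.get("c", "simple/simple").partition("/")
    if header_c not in ("simple", "relaxed") or (body_c or "simple") not in ("simple", "relaxed"):
        problems.append("unknown canonicalization")
    # The verifier fetches the public key from a TXT record at this name.
    return f"{tags['s']}._domainkey.{d}", problems
```

A signature that passes these checks still has to be verified against the key published at the returned DNS name; the checks only reject fields that a verifier should not accept in the first place.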