A DKIM signature is added to the header of an email message in the form of a DKIM-Signature field. Here is an example of what a DKIM-Signature field might look like:
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=mail; c=relaxed/simple; q=dns/txt; email@example.com; h=from:to:subject:date:message-id; bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=; b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav+yuU4zGeeruD00lszZVoG4ZHRNiYzR
The DKIM-Signature field consists of a series of key-value pairs that provide information about the message, the domain of the sender, and the public key that will be used to verify the signature.
The format of the DKIM-Signature field will vary depending on the specific implementation of DKIM. However, in general, the field will include the following parameters:
- v: The version of DKIM being used.
- a: The cryptographic algorithm that was used to create the signature.
- d: The domain of the sender.
- s: The selector for the public key that will be used to verify the signature.
- c: The canonicalization algorithm is used to prepare the message for signing.
- q: The method used to retrieve the public key.
- i: The message sender's identity (usually an email address).
- h: A list of header fields that are included in the signature.
- bh: The base64-encoded version of the signed message hash.
- b: The base64-encoded version of the digital signature.
Including this information in the DKIM-Signature field allows the recipient's email server to verify the message's authenticity and ensure that it has not been tampered with during transit.