Tech

DKIM signature and its validity

Ramon L. Kay July 8, 2024

DKIM signature:

DKIM: Domain Keys Identified Mail

DKIM is an authentication method for standard emails to add a digital signature for outgoing messages. The mail server, which receives mail signed with DKIM, confirms that the message was sent by the actual sender and not by the person who impersonated the sender.

Steps to set DKIM:

  1. Generate a key pair to configure with DKIM:

The tool that should be used depends on the operating system of your device. For ideal work, use Mx Toolbox.

  1. Create a public key; the key should be a TXT record in DNS settings.

After selecting the DNS provider, change the settings according to your needs. Some of the servers seem more difficult to set up or navigate than others.

  1. Create and store the DKIM signature.

Common tags in DKIM singnature:

Confirm the email delivery by applying or using a unique digital signature to the message.

Version (v): Specify the version of DKIM that is used. Example: “vv=DKIM1” means version 1 of DKIM.

Algorithm (a): Generate the signature by a cryptographic algorithm. ‘a’ indicates the algorithm. The most common algorithms are rsa-sha256 and rsa-sha1. Example: “a=rsa sha256”.

Domain (d): It is necessary to specify the domain that owns your DKIM key to generate the digital signature. Example: “dd=example.com”

Selector (s): A specific DKIM selector that is used to locate the public key of DKIM in the record of DNS. Example: “s=dkim2024”.

Signed Header (h): In the DKIM signature computation, the header list was included. Any changes in the headers may lead to the DKIM signature failing.

Signature (b): The signature contains the generated cryptographic signature for the complete message.

Example: “b=digital signature.”.

The way to the check DKIM signature is valid:

Checking the DKIM signature for a particular domain and its content is a significant process to determine the valid sender. It helps to know dkim signature is not valid or valid.

* Navigate to the DKIM Validator a Network tool; it helps to analyze the email header to confirm that a digital signature is signed using a private key and that the signature is a valid one.

* Select the field to analyze the DKIM domain keys.

*Enter the domain name and selector in the bar or field to check the validity.

* Click the arrow or submit button near the field to search for the domain.

* If the field is green, it shows the validity of the digital signature.

* If it shows a result like “No Record” or “DKIM record found,”.