Introduction

DKIM is an email authentication method that enables senders to associate a domain name with an email message, allowing the recipient to verify that the email was sent by an authorized sender and that the message was not tampered with during transmission. When implementing DKIM, there are two essential components: the DKIM signature and the DKIM public record. In this article, we will explore the differences between these two components.

DKIM signature

The DKIM signature is a digital signature that is added to the header of an email message by the sending server. The sending server signs the message with a private key, and the receiving server uses the matching public key to verify the signature. The DKIM signature contains the sender's domain name (the d= tag), the selector that identifies which key was used (the s= tag), a hash of the message body (the bh= tag), and the signature computed over the hashed header fields (the b= tag).

DKIM public record

The DKIM public record, on the other hand, is a DNS record containing the public key used to verify the DKIM signature. It is published by the domain owner in the DNS zone for their domain. The DKIM public record is used by the receiving server to retrieve the public key that corresponds to the private key used to generate the DKIM signature.

Differences between DKIM Signature and DKIM Public Record

The DKIM signature and the DKIM public record are two different components of the DKIM authentication system. The sending domain adds the DKIM signature to the email message header, while the DKIM public record is published as a DNS record in the DNS zone for the sending domain.

The DKIM signature is generated using a private key that is unique to the sending domain. It includes the sender's domain, the selector that identifies the signing key, and the algorithm used to generate the signature. The DKIM public record contains the corresponding public key needed to verify the DKIM signature. The selector appears in the record's DNS name, and the record's value states the key type (the k= tag) and the actual public key (the p= tag).

Here's an example of a DKIM signature for the domain example.com:

DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=selector1;
    c=relaxed/simple; q=dns/txt; h=From:To:Subject:Date:Message-ID;
    bh=AbCdEfGhIjKlMnOpQrStUvWxYz0123456789+/AbCdEfGh=;
    b=AbCdEfGhIjKlMnOpQrStUvWxYz0123456789AbCdEfGhIjKlMnOpQrStUvWxY
    z0123456789AbCdEfGhIjKlMnOpQrStUvWxYz0123456789AbCdEfGhIjKlMnOpQ
    456789AbCdEfGhIjKlMnOpQrStUvWxYz0123456789AbCdEfGhIjKlMnOpQrStUvW
    xYz0123456789AbCdEfGhIjKlMnOpQrStUvWxYz0123456789AbCdEfGhIjKlMnOpQr
    StUvWxYz0123456789AbCdEfGhIjKlMnOpQrStUvWxYz0123456789AbCdEfGhIjKlMn
    bCdEfGhIjKlMnOpQrStUvWxYz0123456789AbCdEfGhIjKlMnOpQrStUvWxYz012345
    6789AbCdEfGhIjKlMnOpQrStUvWxYz0123456789AbCdEfGhIjKlMnOp

Here's an example of a DKIM public record for the domain example.com:

selector1._domainkey.example.com. IN TXT ( "v=DKIM1; k=rsa; "
    "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgH53D8ZiijewJQzYjU7O6oKBEiU7G"
    "6UvBc14NjG+w0q0xJhNq3P32oY5TX5jF/21Lu5awRiLJGY7dfwpXQfyIcZRMzjvYOMV7YQ"
    "LF70ocqIyKj+FO/lLbS9uX9im8T7DUTGv4Y4iC4irH+8yjIgBvAvoXeRgmRd5/fDhQIDAQAB;" )
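
How a receiver ties the two components together, as an added example that is not code from the original article: it parses the DKIM-Signature tags, derives the DNS name of the public record from s= and d=, checks that the record can verify the signature, and computes bh= for a body under "simple" canonicalization. The sample header and record values are constructed placeholders, and the code assumes CRLF line endings and the RFC 6376 defaults (v=DKIM1, k=rsa) for omitted record tags.

```python
import base64
import hashlib

# Constructed sample values (placeholders, not real key or signature material).
SAMPLE_SIG = ("v=1; a=rsa-sha256; d=example.com; s=selector1; c=relaxed/simple;\r\n"
              " h=From:To:Subject; bh=PLACEHOLDER=; b=PLACE\r\n HOLDER")
SAMPLE_REC = "v=DKIM1; k=rsa; p=PLACEHOLDERKEY"

def parse_tags(value):
    """Parse a DKIM tag=value list (same syntax in the header and the TXT record)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            # Folding whitespace inside a value (e.g. a wrapped b=) is not significant.
            tags[name.strip()] = "".join(val.split())
    return tags

def key_query_name(sig):
    """DNS name the receiver queries for the public record: <s>._domainkey.<d>."""
    return f"{sig['s']}._domainkey.{sig['d']}"

def record_problems(sig, rec):
    """Return the reasons this public record cannot verify this signature."""
    problems = []
    if rec.get("v", "DKIM1") != "DKIM1":
        problems.append("unsupported record version")
    sig_key, _, sig_hash = sig["a"].partition("-")  # "rsa-sha256" -> rsa, sha256
    if rec.get("k", "rsa") != sig_key:
        problems.append("key type mismatch")
    if "h" in rec and sig_hash not in rec["h"].split(":"):
        problems.append("hash algorithm not allowed by record")
    if not rec.get("p"):
        problems.append("key revoked (empty p=)")
    return problems

def body_hash_simple(body: bytes) -> str:
    """bh= for sha256 with 'simple' body canonicalization (RFC 6376, 3.4.3)."""
    body = body.rstrip(b"\r\n") + b"\r\n"  # drop trailing empty lines, end with one CRLF
    return base64.b64encode(hashlib.sha256(body).digest()).decode()

if __name__ == "__main__":
    sig, rec = parse_tags(SAMPLE_SIG), parse_tags(SAMPLE_REC)
    print(key_query_name(sig), record_problems(sig, rec) or "record usable")
```

An empty p= value is how a domain owner signals that the key for a selector has been revoked, so a verifier must treat it as a failure rather than as a missing tag.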

Conclusion

In summary, DKIM is an email authentication method that allows email recipients to verify the authenticity of emails sent by authorized senders. The DKIM signature and the DKIM public record are two important components of the DKIM authentication system. The DKIM signature is a digital signature added to the email message header by the sending domain, while the DKIM public record is published as a DNS record in the DNS zone for the sending domain. The DKIM signature is generated using a private key unique to the sending domain, while the DKIM public record contains the corresponding public key necessary to verify the DKIM signature.
