How to use DomainKeys Signature and DKIM Signature

DomainKeys is a technology proposal that can bring black and white back to this decision process by giving email providers a mechanism for verifying both the domain of each email sender and the integrity of the messages sent. To learn more detail about DomainKeys, please refer to

DKIM is a similar technology as Domainkeys. To learn more detail about DKIM, please refer to RFC4871.

Now, EASendMail provides a way to add DomainKeys signature and DKIM signature to your email.

How DomainKeys/DKIM works?

DomainKeys/DKIM combines of a public key cryptography and a DNS to provide credible domain-level authentication for email.

When an email claims to originate from a certain domain, DomainKeys/DKIM provides a mechanism by which the recipient system can credibly determine that the email did in fact originate from a person or system authorized to send email for that domain.

Therefore, to sign an email with DomainKeys/DKIM, you MUST have a private key/pulic key pair for email signing.

sign dkim in c#, vb, c++/cli

Make key-pair certificate

First of all, we need to generate a certificate which contains public key/private key. We can use MakeCert.exe (.NET Framework Tools) to generate certificate like this:

makecert -pe -n "CN=mydomainkeys" -ss my -sr LocalMachine -a sha1 -sky signature -r -len 1024
Then you can check the certficate like this:
Windows Start Menu -> input:

press enter.

MMC -> File Menu -> Add/Remove Span-in
Add -> Choose "Certificates" -> Computer Account -> Local Machine -> Finish -> Close.

Then you should find the certificate at 
"Certificates(Local Computer) -> Personal -> Certificates"

Another way to get certificate (recommended)

If you don't have MakeCert.exe tool, you can use this online tool to generate the certificate

Create X-DK-File

To sign the DomainKeys with EASendMail, we need to create a text file with notepad. and save it.

If you get certificate by MakeCert.exe, please use the following syntax

// For example:
// We create a adminsystemdomainkeys.txt and contains the following content.

dk_s: s1024
CertStore: machine
CertStoreName: my
CertSubjectName: mydomainkeys

// dk_d is the email sender domain,
// dk_s is the domain public key  selector.
// CertSubjectName is the keyword in certificate subject.
// If you want to disable DKIM or DomainKeys, you can add
// DKIM:no
// or
// DomainKey:no

If you get certificate by online tool, please use the following syntax

//then the adminsystemdomainkeys.txt should contain the following content

dk_s: s1024
PFXPath: c:\my cert\adminsystem.pfx
PFXPassword: mypassword

// dk_d is the email sender domain,
// dk_s is the domain public key  selector.
// PFXPath is the PFX file full path.
// PFXPassword is the PFX file password.
// If you want to disable DKIM or DomainKeys, you can add
// DKIM:no
// or
// DomainKey:no

Finally, we just need to add this line in your code:

[VB, VBA, VBScript, ASP - DomainKeys and DKIM Header]
oSmtp.AddHeader "X-DK-File", "c:\adminsystemdomainkeys.txt"

[C++ - DomainKeys and DKIM Header]
oSmtp->AddHeader( _T("X-DK-File"), _T("c:\\adminsystemdomainkeys.txt"));

[Delphi- DomainKeys and DKIM Header]
 oSmtp.AddHeader( 'X-DK-File', 'c:\adminsystemdomainkeys.txt'); 

EASendMail will generate the DomainKeys signature automatically.

Deploy Public Key

We also need to deploy the certificate Public Key to your domain DNS server. You can export the public key by the online tool:

You can also use the following code gets the public key of the certificate:

[VB, VBA - Get Public Key]
oSmtp.AddHeader "X-DK-File", "c:\adminsystemdomainkeys.txt"
MsgBox oSmtp.DK_PublicKey

Once you get the public key, you should set a TXT record in your domain DNS server. For example: your selector is s1024, your domain is, then you should create a TXT record for and set the following content in the record.       text =

        "t=y; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmKsozkVJqlNAGsvn1LoJPmoZl8nizv6pIuOV5P

To learn more detail about Public Key deployment, please refer to

Test DomainKeys and DKIM

Please go to to test your DKIM and DomainKeys signature.

Online Example

Send Email with DomainKeys and DKIM - VB6
Send Email with DomainKeys and DKIM - VC++
Send Email with DomainKeys and DKIM - Delphi

See Also

Using EASendMail ActiveX Object
Registration-free COM with Manifest File
User Authentication and SSL Connection
Enable TLS 1.2 on Windows XP/2003/2008/7/2008 R2
Using Gmail SMTP OAUTH
Using Office365 EWS OAUTH
Using Hotmail SMTP OAUTH
From, ReplyTo, Sender and Return-Path
Digital Signature and Email Encryption - S/MIME
Send Email without SMTP server(DNS lookup)
Work with EASendMail Service(Mail Queuing)
Programming with Asynchronous Mode
Programming with FastSender
Mail vs. FastSender
Bulk Email Sender Guidelines
Process Bounced Email (Non-Delivery Report) and Email Tracking
Work with RTF and Word
EASendMail ActiveX Object References
EASendMail SMTP Component Samples