How to use DomainKeys Signature and DKIM Signature


DomainKeys is a technology proposal that can bring black and white back to this decision process by giving email providers a mechanism for verifying both the domain of each email sender and the integrity of the messages sent. To learn more detail about DomainKeys, please refer to http://antispam.yahoo.com/domainkeys

DKIM is a similar technology as Domainkeys. To learn more detail about DKIM, please refer to RFC4871.

Now, EASendMail provides a way to add DomainKeys signature and DKIM signature to your email.

How DomainKeys/DKIM works?

DomainKeys/DKIM combines of a public key cryptography and a DNS to provide credible domain-level authentication for email.

When an email claims to originate from a certain domain, DomainKeys/DKIM provides a mechanism by which the recipient system can credibly determine that the email did in fact originate from a person or system authorized to send email for that domain.

Therefore, to sign an email with DomainKeys/DKIM, you MUST have a private key/pulic key pair for email signing.

sign dkim in c#, vb, c++/cli

Make key-pair certificate

First of all, we need to generate a certificate which contains public key/private key. We can use MakeCert.exe (.NET Framework Tools) to generate certificate like this:

makecert -pe -n "CN=mydomainkeys" -ss my -sr LocalMachine -a sha1 -sky signature -r -len 1024
Then you can check the certficate like this:
Windows Start Menu -> input:
MMC

press enter.

MMC -> File Menu -> Add/Remove Span-in
Add -> Choose "Certificates" -> Computer Account -> Local Machine -> Finish -> Close.

Then you should find the certificate at 
"Certificates(Local Computer) -> Personal -> Certificates"

Another way to get certificate (recommended)

If you don't have MakeCert.exe tool, you can use this online tool to generate the certificate
https://www.emailarchitect.net/certs/getpfx.aspx

Create X-DK-File

To sign the DomainKeys with EASendMail, we need to create a text file with notepad. and save it.

If you get certificate by MakeCert.exe, please use the following syntax

For example:
We create a adminsystemdomainkeys.txt and contains the following content.

dk_d: adminsystem.com
dk_s: s1024
CertStore: machine
CertStoreName: my
CertSubjectName: mydomainkeys

// dk_d is the email sender domain,
// dk_s is the domain public key  selector.
// CertSubjectName is the keyword in certificate subject.
// If you want to disable DKIM or DomainKeys, you can add
// DKIM:no
// or
// DomainKey:no

If you get certificate by online tool, please use the following syntax

// then the adminsystemdomainkeys.txt should contain the following content

dk_d: adminsystem.com
dk_s: s1024
PFXPath: c:\my cert\adminsystem.pfx
PFXPassword: mypassword

dk_d is the email sender domain,
// dk_s is the domain public key  selector.
// PFXPath is the PFX file full path.
// PFXPassword is the PFX file password.
// If you want to disable DKIM or DomainKeys, you can add
// DKIM:no
// or
// DomainKey:no 

Finally, we just need to add this line in your code:

[C# - DomainKeys and DKIM Header]
oMail.Headers.ReplaceHeader( "X-DK-File", "c:\\adminsystemdomainkeys.txt" );

[VB - DomainKeys and DKIM Header]
oMail.Headers.ReplaceHeader( "X-DK-File", "c:\adminsystemdomainkeys.txt" )

EASendMail will generate the DomainKeys signature and DKIM signature automatically.

Deploy Public Key

We also need to deploy the certificate Public Key to your domain DNS server. You can export the public key by the online tool:
https://www.emailarchitect.net/certs/getpublickey.aspx

You can also use the following code gets the public key of the certificate:

[C# - Get Public Key]
try
{
    Certificate oCert = new Certificate();
    oCert.Load("c:\\test.pfx", "pfxpassword", Certificate.CertificateKeyLocation.CRYPT_USER_KEYSET);
    MessageBox.Show( oCert.PublicKey );
}
catch( Exception exp )
{
    MessageBox.Show( exp.Message );
}

[VB - Get Public Key]
Try
    Dim oCert As New Certificate
    oCert.Load("c:\test.pfx", "pfxpassword", Certificate.CertificateKeyLocation.CRYPT_USER_KEYSET)
    MessageBox.Show( oCert.PublicKey )
    
Catch exp As Exception
    MessageBox.Show( exp.Message )
End Try

Once you get the public key, you should set a TXT record in your domain DNS server. For example: your selector is s1024, your domain is adminsystem.com, then you should create a TXT record for s1024._domainkey.adminsystem.com and set the following content in the record.

s1024._domainkey.adminsystem.com       text =

        "t=y; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmKsozkVJqlNAGsvn1LoJPmoZl8nizv6pIuOV5P
44E8C6Vbl4DW8p0Bb5Zg8EgpYRgsEiJX5pYDj67YzzXNIhViziHwQ3jbUedxNkw/6GV4ZX8aRJKJnwnYqGWIQ8tQESwQtywfduQ2
TjsS1aG3XeOgxxEeuhBNaZHQWVThSinuQIDAQAB"

To learn more detail about Public Key deployment, please refer to https://www.emailarchitect.net/domainkeys/doc/default.aspx?ct=object_deploy

Test DomainKeys and DKIM

Please go to http://www.appmaildev.com/en/dkim to test your DKIM and DomainKeys signature.

Online Example

Send Email with DomainKeys and DKIM - C#
Send Email with DomainKeys and DKIM - VB
Send Email with DomainKeys and DKIM - C++/CLI

See Also

Using EASendMail SMTP .NET Component
User Authentication and SSL Connection
From, ReplyTo, Sender and Return-Path
Digital Signature and E-mail Encryption
Send E-mail Directly (Simulating SMTP server)
Work with EASendMail Service (Email Queuing)
Bulk Email Sender Guidelines
Process Bounced Email (Non-Delivery Report) and Email Tracking
EASendMail .NET Namespace References
EASendMail SMTP Component Samples