Provides methods for signing e-mails with DomainKeys and DKIM signatures and verifying signatures of incoming e-mails.

For a list of all members of this type, see DomainKeys Members.

System.Object
   MailBee.Security.DomainKeys

Thread Safety

Public static (Shared in Visual Basic) members of this type are safe for multithreaded operations. Instance members are not guaranteed to be thread-safe.

Remarks

This class serves two purposes:

• Signing e-mails to be sent out with DomainKeys (and/or DKIM) signature. The domain you're sending from (i.e. company.com if the From: address is j.doe@company.com) should have valid DomainKeys DNS TXT records containing the public key of your domain (this record should be placed not directly for sending domain but rather for its sub-domain called selector). The e-mails are signed with the private key for this domain. You can use Sign method and its overloads to sign messages with your private key. This method also accepts selector parameter so that you can use any name for selector sub-domain. For instance, Gmail currently uses "gamma" as selector value so that the entire DomainKeys domain name is "gamma._domainkey.gmail.com" where "._domainkey." suffix is predefined by DomainKeys standard. It's important to understand there can be no actual host under that name, it's just a DNS record.
• Verifying DomainKeys (and/or DKIM) signatures of e-mails you receive. This involves using Smtp component for retrieving DomainKeys DNS record of the domain which sent the e-mail message in question, extracting the public key from that DNS record, and testing whether the signature matches that public key. No special DNS records are required on the receiving domain. Thus, you can always verify DomainKeys signatures regardless whether your domain has DomainKeys DNS record or not.

Note   In many cases, you can use DomainKeysSign and DomainKeysVerify methods of MailMessage class to deal with DomainKeys and DKIM signatures. They are easier to use than DomainKeys class and do not require you to supply Smtp object.

If your domain does not have the necessary DNS TXT record holding DomainKeys data, you need to create one or contact your server administrator on this matter. You can create a public/private key pair with a tool such as OpenSSL. See RFC 4870 for more information.

Note   This class supports classic DomainKeys (DK) and newer DKIM technology. DK is always supported while DKIM support may require the operating system support SHA256 algorithm (supported in WinXP SP3 and above). Most DomainKeys-signed e-mails are signed using both technologies. Thus, you can usually check signatures even if the OS does not support SHA256. Also, it's always possible to sign e-mails with MailBee and DKIM. This is because DKIM allows using SHA1 (which is always supported) in addition to SHA256. MailBee always signs e-mails with SHA1. The problem occurs only if the e-mail was signed by other software which used SHA256 for DKIM (and there is no classic DomainKeys signature for this e-mail), and you need to check its signature on the machine with an older OS. In this case, Verify method will return Sha256NotSupported.

Although DK and DKIM are different technologies, DKIM uses the same DNS records, public and private keys and selectors as DK. Thus, checking both DK and DKIM signatures won't force Verify method to send two DNS queries (for DK and DKIM). Only a single query regarding DomainKeys record will be made.

Example

General examples are available in Sign and Verify topics. Another Sign example shows advanced usage of signing.

Requirements

Namespace: MailBee.Security

Assembly: MailBee.NET (in MailBee.NET.dll)

See Also

DomainKeys Members | MailBee.Security Namespace

---