public enum DkimCanonicalizationAlgorithm
Member name | Value | Description |
---|---|---|
Simple | 0 | The simple canonicalization algorithm tolerates almost no modification by mail servers while the message is in transit. |
Relaxed | 1 | The relaxed canonicalization algorithm tolerates common modifications by mail servers while the message is in transit, such as whitespace replacement and header field line rewrapping. |
Empirical evidence demonstrates that some mail servers and relay systems modify email in transit, potentially invalidating a signature. There are two competing perspectives on such modifications. For most signers, mild modification of email is immaterial to the authentication status of the email. For such signers, a canonicalization algorithm that survives modest in-transit modification is preferred.
Other signers demand that any modification of the email, however minor, result in a signature verification failure. These signers prefer a canonicalization algorithm that does not tolerate in-transit modification of the signed email.
```csharp
using MimeKit;
using MimeKit.Cryptography;

public static void DkimSign (MimeMessage message)
{
    // Header fields covered by the signature.
    var headers = new HeaderId[] { HeaderId.From, HeaderId.Subject, HeaderId.Date };

    var signer = new DkimSigner ("privatekey.pem", "example.com", "brisbane", DkimSignatureAlgorithm.RsaSha256) {
        HeaderCanonicalizationAlgorithm = DkimCanonicalizationAlgorithm.Simple,
        BodyCanonicalizationAlgorithm = DkimCanonicalizationAlgorithm.Simple,
        AgentOrUserIdentifier = "@eng.example.com",
        QueryMethod = "dns/txt",
    };

    // Prepare the message body to be sent over a 7bit transport (such as older versions of SMTP).
    // Note: If the SMTP server you will be sending the message over supports the 8BITMIME extension,
    // then you can use `EncodingConstraint.EightBit` instead.
    message.Prepare (EncodingConstraint.SevenBit);

    signer.Sign (message, headers);
}
```
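To see what the Simple and Relaxed members described above actually tolerate, the following added example (not part of the original page and not MimeKit code) implements the canonicalization rules of RFC 6376 section 3.4 directly and compares a message as signed with the same message after a relay re-folded a header and added trailing whitespace. The class name, helper names and sample message are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;

// Added illustration; the helper names below are hypothetical, not MimeKit APIs.
static class DkimCanonicalizationDemo
{
    // RFC 6376 3.4.2 (relaxed header): lowercase the name, unfold, collapse WSP runs,
    // drop WSP around the colon and at the end. Simple (3.4.1) uses the field as-is.
    static string RelaxedHeader (string field)
    {
        int colon = field.IndexOf (':');
        string name = field.Substring (0, colon).Trim (' ', '\t').ToLowerInvariant ();
        string value = field.Substring (colon + 1).Replace ("\r\n", "");
        return name + ":" + Regex.Replace (value, "[ \t]+", " ").Trim (' ') + "\r\n";
    }

    // RFC 6376 3.4.3 (simple body): only empty lines at the end of the body are ignored.
    static string SimpleBody (string body) => Regex.Replace (body, @"(\r\n)*\z", "") + "\r\n";

    // RFC 6376 3.4.4 (relaxed body): also drop WSP at line ends and collapse WSP runs.
    static string RelaxedBody (string body)
    {
        string b = Regex.Replace (body, @"[ \t]+(?=\r\n|\z)", "");
        b = Regex.Replace (Regex.Replace (b, @"[ \t]+", " "), @"(\r\n)*\z", "");
        return b.Length == 0 ? "" : b + "\r\n";
    }

    // The bh= tag is the base64 hash of the canonicalized body (SHA-256 for rsa-sha256).
    static string BodyHash (string canonicalBody) =>
        Convert.ToBase64String (SHA256.Create ().ComputeHash (Encoding.ASCII.GetBytes (canonicalBody)));

    static void Main ()
    {
        // Constructed sample: the message as signed, and as received after a relay
        // re-folded Subject and added a trailing space and a blank line to the body.
        string sentHeader = "Subject: Quarterly  report for review\r\n";
        string seenHeader = "Subject: Quarterly  report\r\n for review\r\n";
        string sentBody = "Hello team,\r\nsee attached.\r\n";
        string seenBody = "Hello team, \r\nsee attached.\r\n\r\n";
        string editedBody = "Hello team,\r\nsee attached!\r\n"; // a real content change
        Console.WriteLine ("simple header survives relay:  " + (sentHeader == seenHeader));
        Console.WriteLine ("relaxed header survives relay: " + (RelaxedHeader (sentHeader) == RelaxedHeader (seenHeader)));
        Console.WriteLine ("simple bh survives relay:      " + (BodyHash (SimpleBody (sentBody)) == BodyHash (SimpleBody (seenBody))));
        Console.WriteLine ("relaxed bh survives relay:     " + (BodyHash (RelaxedBody (sentBody)) == BodyHash (RelaxedBody (seenBody))));
        Console.WriteLine ("relaxed bh survives edit:      " + (BodyHash (RelaxedBody (sentBody)) == BodyHash (RelaxedBody (editedBody))));
    }
}
```

The last comparison is the one to check when choosing Relaxed: it normalizes whitespace and folding only, so a change to the visible text still alters the body hash.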