📄️ Overview
DomainKeys Identified Mail (DKIM) is a widely-used email authentication method employed to verify the authenticity of an email message. It uses public key cryptography to encrypt a digital signature within the message header that can be verified by the recipient's mail server. The goal of DKIM is to prevent email spoofing and make it possible to track which domain sent an email. It works by adding a signature to the message header that is encrypted with a private key held by the sending domain's mail server, which can be decrypted with a public key that is published in the domain's DNS records. The recipient's mail server can then use this public key to validate the signature and confirm that the message was indeed sent by the domain that claims to have sent it.
📄️ Signing
Stalwart SMTP can be configured to automatically sign outgoing messages with one or multiple signatures using the ED25519-SHA256 (Edwards-Curve Digital Signature Algorithm), RSA-SHA256 or RSA-SHA1 algorithms. The list of signatures to use is configured by the auth.dkim.sign parameter.
📄️ Verifying
Stalwart SMTP supports verifying the DKIM signatures of incoming messages using the ED25519-SHA256 (Edwards-Curve Digital Signature Algorithm), RSA-SHA256 or RSA-SHA1 algorithms. The auth.dkim.verify attribute indicates the DKIM verification policy:
📄️ Reporting
DKIM authentication failure reporting is a mechanism that allows domain owners to receive notifications when email messages sent from their domain fail DKIM authentication checks at recipient mail servers. The reporting mechanism uses an email-based report format, which is sent to a designated address within the domain. This information can be used to identify misconfigurations or malicious activity that may negatively impact the domain's email reputation. The reports typically include information such as the message's sender, recipient, and the specific DKIM verification result (e.g., "failed" or "permanently failed"). By analyzing the reports, domain owners can detect issues with their DKIM implementation and take action to resolve them, improving their email deliverability and protecting their domain's reputation.