
How DomainKeys Works with SMTP Email


DomainKeys adds an email header named "DomainKey-Signature" that contains a digital signature of the email content. It uses SHA-1 as the cryptographic hash and RSA as the public-key encryption scheme. The encrypted hash is base64-encoded, and this is the header field's content.

The receiving SMTP server then uses the name of the domain from which the mail originated, the string _domainkey, and a selector from the header to perform a DNS lookup. The returned data includes that domain's public key. The receiver can then decrypt the hash value in the header field and, at the same time, recalculate the hash value for the mail body that was received. If the two values match, it proves that the email originated at the domain and was not tampered with in transit.
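The receiver-side check described above, as an added example in Go (not from the original article and not Chilkat's API). The function names, the domain example.com, the selector sel1, the freshly generated key and the in-memory map standing in for DNS are all constructed for illustration. As a simplification, it hashes the message bytes exactly as given and skips the canonicalization a real DomainKeys verifier applies first.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"strings"
)

// parseTags splits the "tag=value; tag=value" syntax used by the header and the key record.
func parseTags(s string) map[string]string {
	tags := map[string]string{}
	for _, part := range strings.Split(s, ";") {
		k, v, _ := strings.Cut(part, "=") // cut at the first "=" so base64 padding survives
		tags[strings.TrimSpace(k)] = strings.TrimSpace(v)
	}
	return tags
}

// Verify checks a DomainKey-Signature value against the received content; dns stands in for the TXT lookup.
func Verify(header string, content []byte, dns map[string]string) error {
	h := parseTags(header)
	name := h["s"] + "._domainkey." + h["d"] // selector, the string _domainkey, signing domain
	der, _ := base64.StdEncoding.DecodeString(parseTags(dns[name])["p"])
	sig, _ := base64.StdEncoding.DecodeString(h["b"]) // malformed base64 fails closed below
	key, err := x509.ParsePKIXPublicKey(der)
	pub, ok := key.(*rsa.PublicKey)
	if err != nil || !ok {
		return fmt.Errorf("no usable RSA public key at %s", name)
	}
	digest := sha1.Sum(content) // recalculate the hash over what was actually received
	return rsa.VerifyPKCS1v15(pub, crypto.SHA1, digest[:], sig)
}

// Demo plays the sender with constructed data (errors ignored), then verifies intact and altered mail.
func Demo() (intact, altered error) {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	msg := []byte("Subject: hi\r\n\r\nConstructed sample body.\r\n")
	digest := sha1.Sum(msg)
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA1, digest[:])
	der, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	header := "a=rsa-sha1; q=dns; s=sel1; d=example.com; b=" + base64.StdEncoding.EncodeToString(sig)
	dns := map[string]string{"sel1._domainkey.example.com": "k=rsa; p=" + base64.StdEncoding.EncodeToString(der)}
	return Verify(header, msg, dns), Verify(header, append(msg, 'x'), dns)
}

func main() { fmt.Println(Demo()) }
```

A missing key record, an unparseable key and a signature that does not match the recomputed hash all return an error, so the caller treats anything other than nil as unverified.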
