How to Domainkeys/DKIM email signing using the C# SMTP client?

c# email smtp dkim domainkeys
Nnp picture Nnp · Mar 1, 2010 · Viewed 15.2k times · Source

I have written an program in C# which sends out emails. Now I have a requirement to sign outbound emails using Dominkeys/DKIM, but I'm not sure how to do it.

I have set up all keys, but I don't know how to get those and how to include them in the email header.

Answer

jstedfast picture jstedfast · Jun 18, 2015

There is a fundamental problem with trying to do DKIM signatures with System.Net.Mail.MailMessage and System.Net.Mail.SmtpClient which is that in order to sign the message, you need to poke the internals of SmtpClient in order to hash the message body as one of the steps in generating the DKIM-Signature header. The problem comes in when you have alternative views or attachments because SmtpClient will generate new multipart boundaries each time it writes out the message which breaks the body hash and thus the DKIM-Signature validity.

To work around this, you can use the MimeKit and MailKit open source libraries for .NET as an alternative framework to using System.Net.Mail.

To add a DKIM signature to a message in MimeKit, you would do something like this:

MimeMessage message = MimeMessage.CreateFromMailMessage(mailMessage);
HeaderId[] headersToSign =  new HeaderId[] { HeaderId.From, HeaderId.Subject, HeaderId.Date };

string domain = "example.net";
string selector = "brisbane";

DkimSigner signer = new DkimSigner ("C:\my-dkim-key.pem", domain, selector) 
{
   SignatureAlgorithm = DkimSignatureAlgorithm.RsaSha1,
   AgentOrUserIdentifier = "@eng.example.com",
   QueryMethod = "dns/txt",      
};

// Prepare the message body to be sent over a 7bit transport (such as 
// older versions of SMTP). This is VERY important because the message
// cannot be modified once we DKIM-sign our message!
//
// Note: If the SMTP server you will be sending the message over 
// supports the 8BITMIME extension, then you can use
// `EncodingConstraint.EightBit` instead.
message.Prepare (EncodingConstraint.SevenBit);

message.Sign (signer, headersToSign, 
    DkimCanonicalizationAlgorithm.Relaxed, 
    DkimCanonicalizationAlgorithm.Simple);

To send the message using MailKit, you would do something like this:

using (var client = new MailKit.Net.Smtp.SmtpClient ()) {
    client.Connect ("smtp.gmail.com", 465, true);
    client.Authenticate ("username", "password");
    client.Send (message);
    client.Disconnect (true);
}

Hope that helps.

Related questions

Sending email in .NET through Gmail

Instead of relying on my host to send an email, I was thinking of sending the email messages using my Gmail account. The emails are personalized emails to the bands I play on my show. Is it possible to do …

Read More
"The remote certificate is invalid according to the validation procedure." using Gmail SMTP server

I'm getting this error: The remote certificate is invalid according to the validation procedure. whenever I try to send e-mail using Gmail's SMTP server in my C# code. Can someone point me to the right direction for a solution to …

Read More
Sending email through Gmail SMTP server with C#

For some reason neither the accepted answer nor any others work for me for "Sending email in .NET through Gmail". Why would they not work? UPDATE: I have tried all the answers (accepted and otherwise) in the other question, but …

Read More