如何使用 C# SMTP 客户端进行域密钥/DKIM 电子邮件签名？

Question

I have written an program in C# which sends out emails. Now I have a requirement to sign outbound emails using Dominkeys/DKIM, but I'm not sure how to do it.

I have set up all keys, but I don't know how to get those and how to include them in the email header.

Answer 1

There is a fundamental problem with trying to do DKIM signatures with System.Net.Mail.MailMessage and System.Net.Mail.SmtpClient which is that in order to sign the message, you need to poke the internals of SmtpClient in order to hash the message body as one of the steps in generating the DKIM-Signature header. The problem comes in when you have alternative views or attachments because SmtpClient will generate new multipart boundaries each time it writes out the message which breaks the body hash and thus the DKIM-Signature validity.

To work around this, you can use the MimeKit and MailKit open source libraries for .NET as an alternative framework to using System.Net.Mail.

To add a DKIM signature to a message in MimeKit, you would do something like this:

MimeMessage message = MimeMessage.CreateFromMailMessage(mailMessage);
HeaderId[] headersToSign =  new HeaderId[] { HeaderId.From, HeaderId.Subject, HeaderId.Date };

string domain = "example.net";
string selector = "brisbane";

DkimSigner signer = new DkimSigner ("C:\my-dkim-key.pem", domain, selector) 
{
   SignatureAlgorithm = DkimSignatureAlgorithm.RsaSha1,
   AgentOrUserIdentifier = "@eng.example.com",
   QueryMethod = "dns/txt",      
};

// Prepare the message body to be sent over a 7bit transport (such as 
// older versions of SMTP). This is VERY important because the message
// cannot be modified once we DKIM-sign our message!
//
// Note: If the SMTP server you will be sending the message over 
// supports the 8BITMIME extension, then you can use
// `EncodingConstraint.EightBit` instead.
message.Prepare (EncodingConstraint.SevenBit);

message.Sign (signer, headersToSign, 
    DkimCanonicalizationAlgorithm.Relaxed, 
    DkimCanonicalizationAlgorithm.Simple);

To send the message using MailKit, you would do something like this:

using (var client = new MailKit.Net.Smtp.SmtpClient ()) {
    client.Connect ("smtp.gmail.com", 465, true);
    client.Authenticate ("username", "password");
    client.Send (message);
    client.Disconnect (true);
}

Hope that helps.

Answer 2

请参阅https://github.com/dmcgiv/DKIM.Net它是用 C# 编写的 .Net 的域密钥识别邮件 (DKIM) 实现 - 它使您能够签署 MailMessage 对象。

Answer 3

我想也知道我只是找到一个dkim工具，但我不能运行成功-_- http://tinisles.blogspot.com/2009/09/sending-dkim-email-from-c.html

Answer 4

Use http://www.mimekit.org

Not only does it allow to use DKIM for signing, also you can include S/MIME certificates, PGP certificates and more. Also, its a very mature lib - the only one i've found that handles foreign languages (apart from english) correctly, since its completely and thoroughly coded with unicode in mind.

Its free and opensource.

Answer 5

This solved it for me when using Mailenable as SMTP relay server.

http://www.mailenable.com/kb/content/article.asp?ID=ME020700

When creating the DKIM TXT record on the domain name don't forget to use the active selector as prefix => yourselector._domainkey.yourdomainname.be

Answer 6

If you are looking to DKIM-sign the body of the MailMessage then DKIM.NET is great. If you are looking to have alternative views in your message then I wasnt able to find a solution and wrote my own (open-source with the usual disclaimers) that can be found at https://github.com/yannispsarras/DKIM-AlternativeViews

I understand this is a pretty old thread but I thought it may help someone.

Answer 7

i didnt find much help on this issue, but my problem got solve by configuring smtp server. i cant post those steps as i am using 3rd party smtp server and every server has their own configuration. after proper configuration my smtp automatically adds DM/DKIM signature.