Is the DKIM 'v' tag always 'DKIM1'?

The short answer is yes, for all practical purposes, the value of the DKIM version tag (v=) in a DKIM signature header is always DKIM1. While the specification was built to allow for future versions, DKIM1 is the only version that has ever been standardized and widely adopted.

This tag is a mandatory component of the DKIM-Signature header field. Its presence tells receiving mail servers which version of the DomainKeys Identified Mail specification to use when verifying the email's signature. Without it, or with an incorrect value, the signature check will fail.

Suped DMARC monitor

Free forever, no credit card required

Get started for free

Trusted by teams securing millions of inboxes

The DKIM standard, defined in RFC 6376, outlines a set of tags that make up the DKIM signature. The version tag (v=) is the first and most critical tag. It establishes the rules for all the other tags that follow in the signature.

Think of it like a file version number. If you try to open a file created with a brand new version of a program in a very old version, the old program won't understand the new format. The v=DKIM1 tag ensures that all mail servers are on the same page, interpreting the signature according to the same set of rules.

The creators of DKIM had the foresight to include a versioning system. This allows the protocol to evolve without invalidating all existing implementations. If a security flaw were discovered or significant improvements were proposed, a new version, like DKIM2, could be introduced through a new RFC.

However, DKIM1 has proven to be remarkably robust and effective. There hasn't been a compelling need to overhaul the standard. The email ecosystem relies on stability, and introducing a new version would be a massive undertaking, requiring updates to mail servers and signing software worldwide. For now, the original specification does its job well.

The v= tag is not optional. A DKIM signature without a v=DKIM1; component is invalid. A receiving mail server will treat the signature as if it's not there at all, likely resulting in a permerror or fail result for the DKIM check. This can negatively impact your email deliverability, as it's a strong signal to mailbox providers that something is wrong with your email's authentication.

• Required tag: The presence of v=DKIM1 is mandatory for a valid signature.
• Verification failure: A missing or incorrect version tag will cause the DKIM check to fail.
• Deliverability impact: Failed authentication checks hurt your sender reputation and can cause emails to land in spam or be rejected.

To wrap it up, the v=DKIM1 tag is a simple but non-negotiable part of DKIM. It's the cornerstone that ensures every server is playing by the same rules. While the system is designed for future updates, we are firmly, and for the foreseeable future, in the era of DKIM1.