DKIM, which stands for DomainKeys Identified Mail, is a critical email authentication standard that helps prevent email spoofing. It works by adding a digital signature to outgoing emails. This signature is contained within a special header, DKIM-Signature, which is composed of several tag-value pairs, each denoted by a letter. While tags like d= (domain) and s= (selector) point to the public key for verification, the b= tag contains the core of the signature itself.
Let's dive into the specific purpose of this mandatory and crucial tag.
The signature itself
The b= tag in a DKIM signature header contains the actual digital signature of the email. This isn't just a simple piece of text; it's a cryptographic, base64-encoded string that acts as a tamper-proof seal. Its value is the result of a process that involves both the email's content and a secret, private key that only the sending server should possess.
Essentially, this tag carries the verifiable proof that the email headers and body have not been altered in transit and that the email originates from a server authorized to send on behalf of the domain.
How the 'b=' tag value is generated
Creating the value for the b= tag is a multi-step cryptographic process performed by the sending mail server. Here's a simplified breakdown of how it works:
- Hashing the Body: First, the server takes the body of the email and creates a hash of it. This hash is placed in the bh= tag of the DKIM signature.
- Hashing the Headers: The server then takes the email headers specified in the h= tag (including the DKIM-Signature header itself, with the b= tag's value empty) and creates a hash of them.
- Signing the Hash: This header hash is then encrypted using the sender's private DKIM key. This private key corresponds to the public key published in the domain's DNS records.
- Encoding the Signature: The resulting encrypted value is encoded in Base64 format and becomes the value for the b= tag.
The verification process
When a receiving mail server gets the email, it uses the b= tag to verify the message's integrity. As described in this guide on manually verifying signatures, the server essentially reverses the signing process.
The receiving server uses the domain (d=) and selector (s=) from the DKIM signature to look up the public key in DNS. It then uses this public key to decrypt the value of the b= tag, which reveals the original hash of the headers calculated by the sender.
Next, the server independently calculates its own hash of the received headers (using the list from the h= tag). If this newly calculated hash matches the decrypted hash from the b= tag, the DKIM check passes. This confirms that the signed parts of the email have not been altered since they were signed by the sender, proving the message's authenticity.
In short, the b= tag is the linchpin of the entire DKIM system. It holds the cryptographic proof that connects the message content to the sending domain, making it a fundamental component of modern email security.
