Sending a DKIM Signed Email from C#
|
The article you are reading has moved! It is now available at: http://blog.tinisles.com/2009/09/sending-a-dkim-signed-email-from-c/ |
First off this code is intended to be instructional only! Yes it is possible to send a DKIM email from .net's SmtpClient. But there are a few hacks/warnings to go with the following code. I'm pretty sure DKIM is designed for signatures to be added by the STMP server. All the emails I've seen with DKIM signatures sign headers that would only be available to the server, e.g: Message-ID and Received. What does the RFC 4871 have to say about this:
Note that verifiers may treat unsigned header fields with extreme skepticism, including refusing to display them to the end user or even ignoring the signature if it does not cover certain header fields. For this reason, signing fields present in the message such as Date, Subject, Reply-To, Sender, and all MIME header fields are highly advised.Second: We need to sign the message body exactly as SmtpClient is going to deliver it to the SMTP server. Unfortunately MailMessage doesn't give us access to this. I've found some code to do the Quoted-printable encoding here: Nice Clean C# Generate Quoted-Printable. Still we couldn't guarantee we are going to hash the body exactly as SmtpClient is going to send. In this example I'm just replacing the carriage returns for an extremely simple sample email.
Let's get started. First use OpenSSL to generate your public and private keys: DomainKeys Public/Private Key-pair Generation. Now add the public key to the relevant TXT record on the domain you intend to send email from. I bought a cheap .info domain for this demo, and pointed the registrar to ZoneEdit. I had no trouble adding to TXT record to my domain via ZoneEdit.
...and now the code: (again I'm using Bouncy Castle Crypto APIs to create the signature)
string smtp = "~~ YOUR STMP SERVER HERE ~~"; string from = "russ@dkimtester.info"; string subject = "dkim test email"; string to = "check-auth@verifier.port25.com"; string body = "This is the body of the message." + Environment.NewLine + "This is the second line"; string base64privatekey = @"-----BEGIN RSA PRIVATE KEY----- ~~ YOUR PRIVATE KEY HERE ~~ -----END RSA PRIVATE KEY-----"; HashAlgorithm hash = new SHA256Managed(); // HACK!! simulate the quoted-printable encoding SmtpClient will use string hashBody = body.Replace(Environment.NewLine, "=0D=0A") + Environment.NewLine; byte[] bodyBytes = Encoding.ASCII.GetBytes(hashBody); string hashout = Convert.ToBase64String(hash.ComputeHash(bodyBytes)); // timestamp - seconds since 00:00:00 on January 1, 1970 UTC TimeSpan t = DateTime.Now.ToUniversalTime() - DateTime.SpecifyKind(DateTime.Parse("00:00:00 January 1, 1970"), DateTimeKind.Utc); string signatureHeader = "v=1; " + "a=rsa-sha256; " + "c=relaxed/relaxed; " + "d=dkimtester.info; " + "s=p; " + "t=" + Convert.ToInt64(t.TotalSeconds) + "; " + "bh=" + hashout + "; " + "h=From:To:Subject:Content-Type:Content-Transfer-Encoding; " + "b="; string canonicalizedHeaders = "from:" + from + Environment.NewLine + "to:" + to + Environment.NewLine + "subject:" + subject + Environment.NewLine + @"content-type:text/plain; charset=us-ascii content-transfer-encoding:quoted-printable dkim-signature:" + signatureHeader; TextReader reader = new StringReader(base64privatekey); Org.BouncyCastle.OpenSsl.PemReader r = new Org.BouncyCastle.OpenSsl.PemReader(reader); AsymmetricCipherKeyPair o = r.ReadObject() as AsymmetricCipherKeyPair; byte[] plaintext = Encoding.ASCII.GetBytes(canonicalizedHeaders); ISigner sig = SignerUtilities.GetSigner("SHA256WithRSAEncryption"); sig.Init(true, o.Private); sig.BlockUpdate(plaintext, 0, plaintext.Length); byte[] signature = sig.GenerateSignature(); signatureHeader += Convert.ToBase64String(signature); MailMessage message = new MailMessage(); message.From = new MailAddress(from); message.To.Add(new MailAddress(to)); message.Subject = subject; message.Body = body; message.Headers.Add("DKIM-Signature", signatureHeader); SmtpClient client = new SmtpClient(smtp); client.Send(message); Console.Write("sent to: " + to);
An email sent to gmail gets the cool "signed-by" info:
Labels: cryptography, dkim
Thank you Thank you Thank you very much...
Posted by Anonymous | 11:59 pm
Hi,
I am a not technical person and was searching whether it is possible to send a DKIM signed mail using MTA running on Windows platform? Someone suggested it can only be send using Unix platform.
Since I saw your post saying send using C#, just thought to check with you.
Request you to reply me at nimesh12345@gmail.com at your earliest.
Thanks
Nimesh
Posted by Unknown | 8:55 pm
Your article is very interesting. I applied it and all works fine! Please, can you help me about how sign a email using DomainKeys? (because DKIM<>DomainKeys). I have some days trying, but without success
Thanks. My email is jorgerodcas@hotmail.com
Posted by Jorge Martin Rodriguez Castro | 1:53 am
Hi thanks for the research on this.
We eventually decided the easiest option was to install hMailServer (free) which has a very simple GUI for setting up DKIM.
We have it listen on a non-standard port (so that IIS SMTP still works) and use the .Net SmtpClient to create the message in C#.
Hopefully this info might be useful to Windows admins. Certainly cheaper than the commercial option.
Posted by Alistair | 1:38 am
Hi Alistair, I've been meaning to write a quick article on setting up hMailServer. The details for setting up DKIM on hMailServer are here: http://www.hmailserver.com/documentation/latest/?page=reference_domain
Russ
Posted by Russ | 7:53 am
Hi Russ,
Thanks for this fantastic blog post! I had been trying to use a commercial DKIM library to sign my emails and it wasn't working. This post helped me get there. 4+ days of efforts got me nowhere. This article got me there in just a few hours.
Thanks again,
Amol.
Posted by Anonymous | 6:34 pm
Great !!!
Thank you very very very much :)
Posted by Anonymous | 5:14 am
Thank you very much... it still work very good
Posted by Fatih Özdemir | 9:12 pm
Thank you! This was very helpful
Posted by Anonymous | 5:33 am
Good job, thank you.
Posted by Oz | 9:03 am
i am getting error at cipher encryption time.
Org.BouncyCastle.OpenSsl.PemReader r is null, hence nothing ahead is working.
plz help
Posted by nav | 8:08 pm
i am also getting same error.
Org.BouncyCastle.OpenSsl.PemReader o is null
plz someone reply
Posted by Manpreet Sandhu | 4:44 pm
nav / Manpreet - do you have a genuine base64 private key in base64privatekey?
Posted by Russ | 4:49 pm
yes it is a valid key. i generated it online using http://dkimcore.org/tools/
Posted by nav | 2:25 pm
and also used all the namespace references.
using System.Text;
using System.Net.Mail;
using Org.BouncyCastle.Crypto;
using System.IO;
using System.Security.Cryptography;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.X509;
Posted by nav | 4:27 pm
Hi Nav,
Do you mind emailing me the key you are using? And any code you've got going. This article is pretty old- there's a good chance the Bouncy Castle stuff has changed since I last looked at it.
Email: russ@tinisles.com
Russ
Posted by Russ | 4:30 pm
This comment has been removed by the author.
Posted by nav | 9:24 pm
Hi,
thanks for this code.
but I have a problem with gmail, it reports all my emails as dkim neutral (bad format) and I just can't pinpoint the reason for that.
Does anybody have any clue?
Posted by Bojan | 1:34 am
lol... I have dived deep into this subject for more than 2 hours. got it working ALMOST.
however, please note, THIS worked only for emails which did not contains any special characters (spaces, new lines etc). THe replace new line with quated-encoding thing DID not work. The sample code provided did not even for for mentioned new-line case. It produced invalid results.
I have found another dedicated encoded on the web for the purpose of encoding whole string to that encoding => did not work either.
Seems like that hack does not work anymore?
Used GMAIL acc to verify results integrity.
Then.. suddenty I read in the comments about hMailServer which I had installed already...
LOL
couple of clicks... whole new code to WIPE OUT just to be restored to what it has been all time long. thank you all
Posted by Unknown | 2:46 am
hello,
I have used this code but in the header of my emails I didn't have the signed by what is the problem !
Posted by Unknown | 7:57 pm
Hi,
Can we send mail using certificate.
After installing certificate.
smtp authentication using certificate public key or private key?
and without using smtp credentials just through certificate
Posted by Unknown | 6:47 pm
how public key supplied to the client?
Posted by Samoxin | 2:45 pm
Its working fine when i am sending plain text but getting error "dkim=neutral (body hash did not verify)" when i am trying to send email in HTML format.
I tried adding "Mailmessage.BodyEncoding = Encoding.UTF8;" but still facing same issue.
Posted by Travel | 10:15 am
jika Anda seorang pemain poker profesional yang bisa tidur pada hari berikutnya, tetapi Anda harus mempertimbangkan komitmen kerja pertimbangan jika Anda punya pekerjaan. Ketahui apa yang berpotensi Anda dapatkan saat mendaftar untuk acara ini
asikqq
dewaqq
sumoqq
interqq
pionpoker
bandar ceme
hobiqq
paito warna
http://199.30.55.59/dewaqq78/
data hk 2019
Posted by Tony Chew | 6:36 pm
This comment has been removed by the author.
Posted by Unknown | 7:18 pm
getting this type of error with this code.
dkim=neutral (body hash did not verify) header.i=@
Posted by Unknown | 7:22 pm