DomainKeys is a technology proposal that can bring black and white back to this decision process by giving email providers a mechanism for verifying both the domain of each email sender and the integrity of the messages sent. To learn more detail about DomainKeys, please refer to http://antispam.yahoo.com/domainkeys
DKIM is a similar technology as Domainkeys. To learn more detail about DKIM, please refer to RFC4871.
Now, EASendMail provides a way to add DomainKeys signature and DKIM signature to your email.
Make key-pair certificate
First of all, we need to generate a certificate which contains public key/private key. We can use MakeCert.exe (.NET Framework Tools) to generate certificate like this:
makecert -pe -n "CN=mydomainkeys" -ss my -sr LocalMachine -a sha1 -sky signature -rThen you can check the certficate like this:
Windows Start Menu->input: MMC press enter. MMC->File Menu->Add/Remove Span-in Add->Choose "Certificates"-> Computer Account->Local Machine->Finish->Close. Then you should find the certificate at "Certificates(Local Computer)->Personal->Certificates"
Create X-DK-File
To sign the DomainKeys with EASendMail, we need to create a text file with notepad. and save it.
For example: We create a adminsystemdomainkeys.txt and contains the following content. dk_d: adminsystem.com dk_s: s1024 CertStore: machine CertStoreName: my CertSubjectName: mydomainkeys DKIMSupport: yes dk_d is the email sender domain, dk_s is the domain public key selector. CertSubjectName is the keyword in certificate subject. If DKIMSupport is "yes", then DKIM signature will be added as well.You can also export the certificate with MMC. If importing private key is chosen, the *.pfx will be generated.
then the adminsystemdomainkeys.txt should contain the following content dk_d: adminsystem.com dk_s: s1024 PFXPath: c:\my cert\adminsystem.pfx PFXPassword: mypassword DKIMSupport: yes dk_d is the email sender domain, dk_s is the domain public key selector. PFXPath is the PFX file full path. PFXPassword is the PFX file password. If DKIMSupport is "yes", then DKIM signature will be added as well.Finally, we just need to add this line in your code:
[C#] oMail.Headers.ReplaceHeader( "X-DK-File", "c:\\adminsystemdomainkeys.txt" ); [Visual Basic.NET] oMail.Headers.ReplaceHeader( "X-DK-File", "c:\adminsystemdomainkeys.txt" )EASendMail will generate the DomainKeys signature and DKIM signature automatically.
Deploy Public Key
We also need to deploy the certificate Public Key to your domain DNS server.
You can export the public key by the online tool:
http://emailarchitect.com/live/getpublickey.aspx
You can also use
the following code gets the public key of the certificate.
[C#]
try
{
Certificate oCert = new Certificate();
oCert.Load("c:\\test.pfx", "pfxpassword", Certificate.CertificateKeyLocation.CRYPT_USER_KEYSET);
MessageBox.Show( oCert.PublicKey );
}
catch( Exception exp )
{
MessageBox.Show( exp.Message );
}
[Visual Basic.NET]
Try
Dim oCert As New Certificate
oCert.Load("c:\test.pfx", "pfxpassword", Certificate.CertificateKeyLocation.CRYPT_USER_KEYSET)
MessageBox.Show( oCert.PublicKey )
Catch exp As Exception
MessageBox.Show( exp.Message )
End Try
Once you get the public key, you should set a TXT record in your domain DNS server. For example: your selector is s1024, your domain is adminsystem.com, then you should create a TXT record for s1024._domainkey.adminsystem.com and set the following content in the record.
s1024._domainkey.adminsystem.com text =
"t=y; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmKsozkVJqlNAGsvn1LoJPmoZl8nizv6pIuOV5P
44E8C6Vbl4DW8p0Bb5Zg8EgpYRgsEiJX5pYDj67YzzXNIhViziHwQ3jbUedxNkw/6GV4ZX8aRJKJnwnYqGWIQ8tQESwQtywfduQ2
TjsS1aG3XeOgxxEeuhBNaZHQWVThSinuQIDAQAB"
To learn more detail about Public Key deployment, please refer to http://antispam.yahoo.com/domainkeys
Test DomainKeys and DKIM
You just need to send an email to check-auth@verifier.port25.com, then a report will be send back to your sender email address.
2001-2007 © Copyright AdminSystem Software Limited. All rights reserved.