DomainKeysVerify Method (MailMessage, Smtp)
Verifies the DomainKeys and DKIM signatures of the mail message.

Namespace: MailBee.Security
Assembly: MailBee.NET (in MailBee.NET.dll) Version: 12.2.0 build 630 for .NET 4.5
public DomainKeysVerifyResult Verify(
	MailMessage msg,
	Smtp dnsRequestor


Type: MailBee.MimeMailMessage
The mail message to be verified.
Type: MailBee.SmtpMailSmtp
The instance of Smtp class to be used for making DNS queries.

Return Value

Type: DomainKeysVerifyResult
The result of the verification.
MailBeeInvalidArgumentExceptionmsg or dnsRequestor is a null reference (Nothing in Visual Basic) or dnsRequestor.DnsServers collection is empty.
MailBeeExceptionAn error occurred and ThrowExceptions is true.

In order to verify DomainKeys/DKIM signature of e-mails, this method has to make DNS queries to the DomainKeys server of the sender. MailBee uses Smtp class for this. Thus, you must have the appropriate license for Smtp component. Or, you can use DomainKeysVerify which is simpler to use and does not require Smtp license (but it's more limited in features).

There is a chance your mail server may already check DomainKeys/DKIM signatures of incoming e-mails. If it's so, you should simply check extra headers which contain DomainKeys/DKIM checking results and get added by your mail server to the message. For instance, Gmail adds "Authentication-Results" header for that purpose.

If your message has multiple DKIM signatures and you need to check them all, use Verify(MailMessage, Smtp, Header) overload.

Note Note
This method may take significant time to execute because it needs to make a network operation - DNS query. Also, if there is a problem with the DNS server, it may fail (return DnsQueryFailed) even if the DomainKeys signature itself is correct. Also, if the message has both classic DomainKeys (DK) and newer DKIM signatures, the method will verify both of them to check if they match (this may double the execution time in case if DNS information for DK and DKIM records of the sending domain is different). If you wish to check only one type of DomainKeys signature, use Verify(MailMessage, Smtp, DomainKeysTypes) overload.

This method is thread-safe: you can call Verify(MailMessage, Smtp) method for the same instance of DomainKeys class to speed up validating signatures of multiple e-mails. However, you should pass separate instance of Smtp class as dnsRequestor value for each Verify(MailMessage, Smtp) method call.

Note Note
If the current system is FIPS-compliant and runs .NET 2.0/3.5 and the message contains only DKIM signature created using SHA256 algorithm, the method will return Sha256NotSupported or throw an exception if ThrowExceptions is enabled. This can only occur with older .NET versions (before 4.0) because there was no FIPS-certified SHA256 implementation at that time. On a FIPS system, use MailBee.NET.dll for .NET 4.0+ to avoid these issues. All classic DK signatures and those DKIM signatures which use SHA1 algorithm are fully supported on all Windows platforms, including FIPS-compliant ones. You'll still need to enable FipsMode to use FIPS-compliant versions of security algorithms.
This sample loads an e-mail message from file, prepares Smtp object for making DNS queries and verifies that message.
using System;
using MailBee;
using MailBee.Mime;
using MailBee.Security;
using MailBee.SmtpMail;

class Sample
    static void Main(string[] args)
        // Load the message from file (we could also
        // get if from the mail server or elsewhere).
        MailMessage msg = new MailMessage();

        // Prepare Smtp instance for making DNS queries.
        // We assume Smtp license key is already set in config file.
        Smtp mailer = new Smtp();

        // Verify DomainKeys signature.
        DomainKeys dk = new DomainKeys();
        DomainKeysVerifyResult dkResult = dk.Verify(msg, mailer);
See Also