DomainKeysTypes Enumeration

Defines the supported types of DomainKeys technology (classic DK and DKIM).

Namespace: MailBee.Security
Assembly: MailBee.NET (in MailBee.NET.dll) Version: 12.4 build 677 for .NET 4.5

Syntax

[FlagsAttribute]
public enum DomainKeysTypes

<FlagsAttribute>
Public Enumeration DomainKeysTypes

Members

Member name	Value	Description
DK	1	Classic DomainKeys technology. Always uses SHA1 algorithm for signing and verification.
DKIM	2	Newer DKIM technology. Can use SHA1 but SHA256 is preferred.
Both	3	Sign and verify using both DK and DKIM signatures. In case of verification, the message can have one or both signature, if any of them are incorrect, the overall result will be "incorrect". However, when there are both DK/DKIM signatures and DKIM signature cannot be checked because it's SHA256 while the current system has no support for it (e.g. FipsMode is enabled and .NET Framework is older than 4.0), MailBee will ignore DKIM signature and return the result based on DK signature only.

Remarks

MailBee can create and verify signatures of two types: classic DomainKeys and newer DKIM (or both of them). By default, both DomainKeys and DKIM are used. However, some overloads of Sign(MailMessage, String, Byte, String, DomainKeysTypes) and Verify(MailMessage, Smtp, DomainKeysTypes) methods allow you to specify the exact DomainKeys type to be used.

DK and DKIM use SHA algorithms for calculating hashes (for both signing and signature verification). DK always uses SHA1 algorithm while DKIM can use SHA1 but more secure SHA256 is preferred. MailBee by default creates DKIM signatures using SHA256. As for verification of DKIM signatures of existing messages, both SHA1 and SHA256 are supported.

Note
Checking or creating DKIM signatures may require the support of SHA256 algorithm from the system. If the current system is FIPS-compliant, you should enable FipsMode to make MailBee always use FIPS-compliant implementations of SHA1 and SHA256 (they are a bit slower than their managed code counterparts). However, FIPS-compliant SHA256 is still NOT available in .NET Framework 2.0/3.5. If FipsMode is enabled, MailBee for .NET 2.0/3.5 will use SHA1 for signing and can only verify SHA1 DKIM signatures.

Note

Checking or creating DKIM signatures may require the support of SHA256 algorithm from the system. If the current system is FIPS-compliant, you should enable FipsMode to make MailBee always use FIPS-compliant implementations of SHA1 and SHA256 (they are a bit slower than their managed code counterparts). However, FIPS-compliant SHA256 is still NOT available in .NET Framework 2.0/3.5. If FipsMode is enabled, MailBee for .NET 2.0/3.5 will use SHA1 for signing and can only verify SHA1 DKIM signatures.

.NET 4.0+ and MailBee.NET.dll builds for .NET 4.0+ are OK for FIPS and can always use SHA256 for both signing and encryption (but for performance reasons it's still recommended to enable FipsMode).

Reference

MailBee.Security Namespace