Should the DKIM signature be inserted after the Subject: header?


My ISP (Virgin Media) is introducing DKIM in their emails.

After sending an email, I had a look at the source and found that they are placing the DKIM signature between the Subject: header and the body.

Return-Path: <xxxxxxxx@blueyonder.co.uk>
Delivered-To: xxxxxxxx@blueyonder.co.uk
Received: from md17.tb.ukmail.iss.local ([212.54.57.73])
    by mc8.tb.ukmail.iss.local (Dovecot) with LMTP id 5cl8E7ZoJlmNQwAAVqD7fw
    for <xxxxxxxx@blueyonder.co.uk>; Thu, 25 May 2017 07:17:29 +0200
Received: from mx6.tb.ukmail.iss.as9143.net ([212.54.57.73])
    by md17.tb.ukmail.iss.local (Dovecot) with LMTP id EstZLcTm/VjmbwAAeUlFJQ
    ; Thu, 25 May 2017 07:17:29 +0200
Received: from know-smtprelay-omc-3.server.virginmedia.net ([80.0.253.67])
    by mx6.tb.ukmail.iss.as9143.net with bizsmtp
    id QVHM1v00m1U0oNg01VHVUu; Thu, 25 May 2017 07:17:29 +0200
X-SourceIP: 80.0.253.67
X-CNFS-Analysis: v=2.2 cv=K/RSJ2eI c=1 sm=1 tr=0
 a=NusZbS+MIKNGTdhVDzOOtg==:117 a=o+HFlgnLNhdkn43EnkHUFQ==:17
 a=KXL61P45u2kA:10 a=tJ8p9aeEuA8A:10 a=MTPcje7z3XVcjakvMuAA:9
Received: from [192.168.0.19] ([80.193.xxxx.xxxx])
    by know-smtprelay-3-imp with bizsmtp
    id QVHU1v0051httJ801VHU5a; Thu, 25 May 2017 06:17:29 +0100
X-Originating-IP: [80.193.182.78]
X-Authenticated-User: xxxxxxxxn@blueyonder.co.uk
X-Spam: 0
X-Authority: v=2.1 cv=XNzNMlVE c=1 sm=1 tr=0 a=o+HFlgnLNhdkn43EnkHUFQ==:117
 a=o+HFlgnLNhdkn43EnkHUFQ==:17 a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10
 a=s5jvgZ67dGcA:10 a=MTPcje7z3XVcjakvMuAA:9
From: xxxxxxxx@blueyonder.co.uk
To: xxxxxxxx@timothydutton.co.uk, xxxxxxxx@blueyonder.co.uk
Subject: Sending via Python
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=blueyonder.co.uk;
    s=meg.feb2017; t=1495689449;
    bh=8bjk8lFzQ2833A/RBLNeoi8C+tOykYEwquKHC+57mNw=; h=From:To:Subject;
    b=ZuUwY74fd1AyxgXZ1LalJmb4fUFNqrQzOPall5FXrwTWoEYMBqR6u44HNJ1VOp1Jh
     +ik/ip8stBs7SXM/3ViaL/Vj4cP9CPdxO1UY/kblhojNF2Jw31f69gCpGdDQVCx6eC
     1KNdN0VadqQYVXd//wERGhXo+h2tkN2Ey0fZHxItXnN4ua90wwJfg3Iq2kM16m7OYw
     W+JiISTy84jqYxS7TFpgtfSLdZUG5y5OyG9r9rP9JBXxqBUIaq/QlAfcuTVJ9HXhLf
     h0d0CWLqSRoNrE2Dcqe/ES5cl12tL1HR3wHN4oU/kT0ilINEzRGSzkkeT0eHAUSjC6
     zfRok7vuo+GQA==

Yo this is a mail sent via Python 3.6

According to Virgin Media, this is expected behaviour. But my understanding was that SMTP servers should add the headers to the start rather than the middle of the message?

Is this allowed in the SMTP or DKIM standard, or could it cause problems?


Solution

  • Yes, this is allowed by the DKIM standard. The only requirement I'm aware of is the following:

    "The DKIM-Signature header field MUST be inserted before any other DKIM-Signature fields in the header block." (RFC 6376, section 5.6)

    It is, however, recommended to prepend it to the message:

    "The DKIM-Signature header field SHOULD be treated as though it were a trace header field as defined in Section 3.6 of [RFC5322] and hence SHOULD NOT be reordered and SHOULD be prepended to the message." (RFC 6376, section 3.5)
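
Why the position is harmless to verification, as an added example (not part of the original answer and not taken from any DKIM library): the Python below builds the header data a verifier hashes under relaxed canonicalization (RFC 6376 sections 3.4.2 and 3.7) and shows it is the same wherever the DKIM-Signature field sits. The function names, addresses, selector and `b=` value are constructed for illustration; it handles only the first signature and does not perform the RSA check.

```python
import hashlib
import re

def parse_headers(block):
    """Split a CRLF header block into [name, value] pairs, keeping folds."""
    fields = []
    for line in block.split("\r\n"):
        if line[:1] in (" ", "\t") and fields:
            fields[-1][1] += "\r\n" + line           # folded continuation line
        elif line:
            name, _, value = line.partition(":")
            fields.append([name, value])
    return fields

def relaxed(name, value):
    """Relaxed header canonicalization (RFC 6376 section 3.4.2)."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)       # unfold
    value = re.sub(r"[ \t]+", " ", value).strip(" ")  # collapse whitespace
    return name.strip().lower() + ":" + value

def header_hash(block):
    """SHA-256 of the header data a verifier feeds to the signature check."""
    fields = parse_headers(block)
    sig = next(f for f in fields if f[0].lower() == "dkim-signature")
    tags = dict(t.strip().split("=", 1) for t in sig[1].split(";") if "=" in t)
    pool = [f for f in fields if f is not sig]
    data = ""
    for name in re.sub(r"\s", "", tags["h"]).lower().split(":"):
        # Instances are taken bottom-up; the signature's own position is never used.
        for i in range(len(pool) - 1, -1, -1):
            if pool[i][0].strip().lower() == name:
                data += relaxed(*pool.pop(i)) + "\r\n"
                break
    unsigned = re.sub(r"((?:^|;)\s*b=)[^;]*", r"\1", sig[1])  # empty the b= tag
    data += relaxed(sig[0], unsigned)                 # no trailing CRLF
    return hashlib.sha256(data.encode()).hexdigest()

# Constructed sample signature field (not the one from the question).
SIG = ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
       "    s=sel1; h=From:To:Subject;\r\n    b=Q09OU1RSVUNURUQ=")

def message(sig_index, subject="Sending via Python"):
    """Constructed header block with the signature inserted at sig_index."""
    hdrs = ["From: alice@example.com", "To: bob@example.net", "Subject: " + subject]
    hdrs.insert(sig_index, SIG)
    return "\r\n".join(hdrs) + "\r\n"
```

`header_hash(message(0))` (signature prepended) equals `header_hash(message(3))` (signature after Subject:), while changing a field listed in `h=` changes the hash.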