DKIM-Signature Tag Order
@tyler:
Hello tyler,
Thank you for reporting this issue. You are absolutely right, only the key record must start with the version tag. I have forwarded your findings to our developers and they have confirmed that this is not an intended behavior and the bug will be fixed in the next version of ORF*.
*As most DKIM signatures start with the version tag, and a signature validation error does not cause the blacklisting of the email by default, the risk of false positive results is minimal.
Once again, thank you for reporting this.
I have some incoming emails that fail to verify DKIM with the message "Error checking the DKIM signature: version tag at invalid position (v=1)." The signature does indeed have the version tag listed second, after algorithm -- an uncommon ordering, to be certain.
However, I can't find anything in the DKIM spec that requires a particular order. RFC 6376 section 3.6.1 requires the "v=DKIM1" tag be first, but that only applies to the related DNS record.
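As an added illustration (not part of the thread and not ORF's code): a minimal Python tag-list parser following RFC 6376 section 3.2 that accepts `v=` at any position in a DKIM-Signature header and applies the first-position rule only to the key record, per section 3.6.1. Function names and sample values are constructed for this example, and it performs no cryptographic verification.

```python
import re

# Required DKIM-Signature tags per RFC 6376 section 3.5.
REQUIRED_SIG_TAGS = {"v", "a", "b", "bh", "d", "h", "s"}
TAG_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*\Z")

def parse_tag_list(value):
    """Parse a section 3.2 tag-list into ordered (name, value) pairs."""
    pairs, seen = [], set()
    specs = value.split(";")
    if specs and not specs[-1].strip():
        specs.pop()  # a single trailing ";" is allowed
    for spec in specs:
        name, sep, val = spec.partition("=")
        name = name.strip()  # folding whitespace around names is ignored
        if not sep or not TAG_NAME.match(name):
            raise ValueError(f"malformed tag-spec: {spec.strip()!r}")
        if name in seen:  # duplicates invalidate the whole tag-list
            raise ValueError(f"duplicate tag: {name}")
        seen.add(name)
        pairs.append((name, val.strip()))
    return pairs

def check_signature_header(value):
    """Validate a DKIM-Signature value; tag position is deliberately not checked."""
    tags = dict(parse_tag_list(value))
    missing = REQUIRED_SIG_TAGS - tags.keys()
    if missing:
        raise ValueError("missing required tags: " + ", ".join(sorted(missing)))
    if tags["v"] != "1":
        raise ValueError("unsupported signature version: " + tags["v"])
    return tags

def check_key_record(txt):
    """Validate v= placement in a DKIM key record (DNS TXT), section 3.6.1."""
    pairs = parse_tag_list(txt)
    names = [n for n, _ in pairs]
    if "v" in names:  # v= is optional here, but must lead when present
        if names[0] != "v":
            raise ValueError("key record: v= must be the first tag")
        if pairs[0][1] != "DKIM1":
            raise ValueError("key record: v= must be DKIM1")
    return dict(pairs)

# Constructed samples: a= ahead of v=, the ordering from the report above.
SAMPLE_SIG = ("a=rsa-sha256; v=1; c=relaxed/relaxed; d=example.com; s=sel1;\r\n"
              "\th=from:to:subject; bh=PLACEHOLDERBODYHASH=; b=PLACEHOLDERSIG=")
SAMPLE_KEY_OK = "v=DKIM1; k=rsa; p=PLACEHOLDERKEY"
SAMPLE_KEY_BAD = "k=rsa; v=DKIM1; p=PLACEHOLDERKEY"
```
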