All Collections
Learn about DKIM
DKIM canonicalization explained
DKIM canonicalization explained

Overview of what DKIM canonicalization is and how it is being used.

Ivan Kovachev avatar
Written by Ivan Kovachev
Updated over a week ago

Canonicalization is a process by which the headers and body of an email are converted to a canonical standard form before being DKIM signed. This can be thought of as converting data into a standard canonical form.

Some mail systems modify emails in transit (eg. forwarders) that can potentially invalidate the DKIM signature applied. Some DKIM signers may require that minor mail modification is fine and others may be more strict and require stricter canonicalization be used. 

Two canonicalization algorithms have been created to satisfy mild modification to a message and almost no modification to a message before signing. The two canonicalization algorithms are relaxed and simple respectively. 

From DKIM’s perspective the headers and body of an email are separate and canonicalization algorithms are specified for both, one for the headers and another for the body.

They are represented in the format of: "canonicalization/canonicalization" for header and body respectively. If no canonicalization is specified then 'simple' is used for both headers and body, so it would look like this: simple/simple.

The simple/simple canonicalization is the stricter of the two and allows for almost no modification to the message header and body. This can however affect the DKIM signature being invalidated by some forwarders as the email passes through them. Many of the issues with DKIM being invalidated during forwarding can be solved if the canonicalization is changed to relaxed/relaxed to allow for mild modifications to the emails.

To learn more about each canonicalization algorithm please click on the button below.

Did this answer your question?