Mail::SpamAssassin::Plugin::DKIM - perform DKIM verification tests
loadplugin Mail::SpamAssassin::Plugin::DKIM [/path/to/DKIM.pm]
full DKIM_VALID eval:check_dkim_valid()
full DKIM_VALID_AU eval:check_dkim_valid_author_sig()
(for compatibility, a check_dkim_verified is a synonym for
This SpamAssassin plugin implements DKIM lookups as described by the
RFC 4871, as well as historical DomainKeys lookups, as described by RFC
4870, thanks to the support for both types of signatures by newer
versions of module Mail::DKIM (0.22 or later).
It requires the "Mail::DKIM" CPAN module to operate. Many thanks to
Jason Long for that module.
The following tags are added to the set, available for use in reports,
header fields, other plugins, etc.:
_DKIMIDENTITY_ signing identities (the 'i' tag) from valid signatures;
_DKIMDOMAIN_ signing domains (the 'd' tag) from valid signatures;
Identities and domains from signatures which failed verification are
not included in these tags. Duplicates are eliminated (e.g. when there
are two or more valid signatures from the same signer, only one copy
makes it into a tag). Note that there may be more than one signature
in a message - currently they are provided as a space-separated list,
although this behaviour may change.
whitelist_from_dkim authorATexample.com [signing-identity]
Use this to supplement the whitelist_from addresses with a check to
make sure the message with a given From address (the author's
address) carries a valid Domain Keys Identified Mail (DKIM)
signature by a verifier-acceptable signing-identity (the i= tag).
Only one whitelist entry is allowed per line, as in
"whitelist_from_rcvd". Multiple "whitelist_from_dkim" lines are
allowed. File-glob style characters are allowed for the From
address (the first parameter), just like with
"whitelist_from_rcvd". The second parameter does not accept
If no signing identity parameter is specified, the only acceptable
signature will be a first-party signature, i.e. the so called
author signature, which is a signature where the signing identity
of a signature matches the author address (i.e. the address in a
From header field).
Since this whitelist requires a DKIM check to be made, network
tests must be enabled.
Examples of whitelisting based on an author signature (first-
Examples of whitelisting based on third-party signatures:
whitelist_from_dkim rickATexample.net richardATexample.net
whitelist_from_dkim rickATsub.net example.net
whitelist_from_dkim janeATexample.net example.org
whitelist_from_dkim *@info.example.com example.com
whitelist_from_dkim *@* remailer.example.com
def_whitelist_from_dkim authorATexample.com [signing-identity]
Same as "whitelist_from_dkim", but used for the default whitelist
entries in the SpamAssassin distribution. The whitelist score is
lower, because these are often targets for abuse of public mailers
which sign their mail.
dkim_timeout n (default: 5)
How many seconds to wait for a DKIM query to complete, before
scanning continues without the DKIM result.
perl v5.10.0 2008-06Mail::SpamAssassin::Plugin::DKIM(3pm)