Email Spoofing

DKIM adds a digital signature to the email header. The mail receiving program will recalculate the signature on receipt to verify the mail is authentic and has not been tampered with.

dkim_generation.rb
# @return [DkimHeader] Constructed signature for the mail message
def dkim_header
  dkim_header = DkimHeader.new

  raise "A private key is required" unless private_key
  raise "A domain is required"      unless domain
  raise "A selector is required"    unless selector

  # Add basic DKIM info
  dkim_header['v'] = '1'
  dkim_header['a'] = signing_algorithm
  dkim_header['c'] = "#{header_canon}/#{body_canon}"
  dkim_header['d'] = domain
  dkim_header['i'] = identity if identity
  dkim_header['q'] = 'dns/txt'
  dkim_header['s'] = selector
  dkim_header['t'] = (time || Time.now).to_i

  # Add body hash and blank signature
  dkim_header['bh']= digest_alg.digest(canonical_body)
  dkim_header['h'] = signed_headers.join(':')
  dkim_header['b'] = ''

  # Calculate signature based on intermediate signature header
  headers = canonical_header
  headers << dkim_header.to_s(header_canonicalization)
  dkim_header['b'] = private_key.sign(digest_alg, headers)

  dkim_header
end