Status: a work in progress
DKIM2 is being developed in the IETF DKIM working group. It is an active Internet-Draft, not yet a finished standard — details may still change.
The problem with DKIM today
DKIM (v1) adds one signature per hop, and each relay can only sign what it added. It has no way to show whether a message was modified between hops — so ordinary forwarding and mailing lists routinely break signatures, and there is no record of who changed what.
How DKIM2 works
DKIM2 records the journey of a message with two linked mechanisms:
- Message-Instance (MI) headers — a hash snapshot of the message taken at each hop, so a verifier can confirm the chain of snapshots is intact.
- Chained DKIM2-Signature headers — each hop signs the current snapshot and every previous signature, forming a tamper-evident chain. Inserting or forging a hop means breaking a signature.
The same chain lets recipients detect unexpected message replay, and ensures delivery status notifications only reach parties that actually handled the message.
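A simplified model of the two mechanisms above, added here as an illustration and not code from the DKIM2 draft or from this host's implementations: each hop records a snapshot hash, signs it together with every earlier signature, and the verifier checks the chain and can name the hop at which the message changed. The field names, the canonicalization, and the use of HMAC with per-hop shared secrets in place of the draft's asymmetric signatures are assumptions, not the draft's wire format.

```python
import hashlib
import hmac
import json

# Constructed demo keys: a per-hop shared secret stands in for the signer's
# DNS-published key; real DKIM2 uses asymmetric signatures (assumption).
KEYS = {"origin.example": b"key-origin", "list.example": b"key-list"}

def snapshot(headers, body):
    """Message-Instance (MI) value: a hash of the message as this hop sees it."""
    canon = json.dumps(headers, sort_keys=True) + "\r\n" + body
    return hashlib.sha256(canon.encode()).hexdigest()

def _mac(domain, i, mi, prior_sigs):
    # Signature input covers the hop index, this hop's snapshot and every
    # earlier signature, so removing or inserting a hop breaks later entries.
    msg = f"i={i};mi={mi};prior={''.join(prior_sigs)}".encode()
    return hmac.new(KEYS[domain], msg, hashlib.sha256).hexdigest()

def sign_hop(domain, headers, body, chain):
    """Return the chain with one entry appended for this hop (chain: list of dicts)."""
    i = len(chain) + 1
    mi = snapshot(headers, body)
    sig = _mac(domain, i, mi, [e["sig"] for e in chain])
    return chain + [{"i": i, "d": domain, "mi": mi, "sig": sig}]

def verify(headers, body, chain):
    """Check the delivered message against its chain; returns (ok, reason)."""
    if not chain:
        return False, "no DKIM2 chain"
    if snapshot(headers, body) != chain[-1]["mi"]:
        return False, "message altered after the last signing hop"
    for idx, e in enumerate(chain):
        if e["d"] not in KEYS:
            return False, f"no key for signer {e['d']}"
        expected = _mac(e["d"], idx + 1, e["mi"], [p["sig"] for p in chain[:idx]])
        if e["i"] != idx + 1 or not hmac.compare_digest(expected, e["sig"]):
            return False, f"hop {idx + 1} ({e['d']}) signature does not verify"
    return True, "chain intact"

def modified_by(chain):
    """Hops whose snapshot differs from the previous one: who changed the message."""
    return [e["d"] for prev, e in zip(chain, chain[1:]) if e["mi"] != prev["mi"]]

# Constructed example: the origin signs, then a list appends a footer and signs.
hdrs = {"From": "alice@origin.example", "To": "list@list.example", "Subject": "hi"}
body = "hello\r\n"
chain = sign_hop("origin.example", hdrs, body, [])
body_fwd = body + "-- \r\nlist footer\r\n"
chain = sign_hop("list.example", hdrs, body_fwd, chain)
```

With the constructed chain, `verify(hdrs, body_fwd, chain)` succeeds and `modified_by(chain)` attributes the change to the list, while dropping a hop, rewriting an earlier snapshot, or editing the body after the last hop all fail verification.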
Implementations & demo
This host runs a live DKIM2 demonstration server. Four independent implementations — in Python, Perl, Go, and C — interoperate in the project repository. Two mailing-list managers on this host sign with DKIM2 as they forward: