These are some of the things C. Flynt has been up to, some of our personal lives, some reviews of things we've read, some stuff we've learned.

The blogs are organized by date.

Comments will appear when we've had time to check them. Apologies for the inconvenience, but it's a way to keep phishers and spammers off the page.

Back in the dark ages, the Internet really was a collection of incompatible networks with little gateway machines that could talk to DECnet, IBM Token Ring, Ethernet and one-off systems that didn't last long enough to pass a message.

All of the computer makers recognized that Networks would be *BIG*, and everyone tried to make their idea the new Standard.

Even here in Ann Arbor, Applied Dynamics built a working microwave network before Xerox released their "ethernet" standard. But by the time we had it working, the momentum was already going to ethernet, even though it was still vaporware.

Along with incompatible networks, there were incompatible ways to send email messages. At one point there were jobs for people to take messages from one machine and type them into another. There was no other way to communicate between the two computer systems.

So, in this maze of twisty little protocols, a guy at Berkeley (yeah, UC Berkeley keeps coming up. They were busy little devils) made a thing called sendmail that could be configured to talk to any email program that existed, and a few that didn't exist yet, but just you wait!

Sendmail is still the most versatile email program out there. It's behind the scenes at most email providers. Because it has so many options and extensions and capabilities, it's also the hardest application to work with.

But, when nothing else will do what you need, sendmail can do it.

So, partly because it was available when I first started sending emails, and partly because I needed some features the other, simpler programs don't offer, I've been using Sendmail since the mid-90s.

Enter DKIM.

DKIM stands for Domain Keyed Internet Message. This is the love-child of Yahoo and Oracle (which should strike fear into your heart.)

DKIM uses a thing called public-key encryption where I encrypt something with my secret key, and you can decrypt it with my publicly available key.

Public key encryption is useless for secrecy, since anyone can get access to the public key. However, my public key will only work on files encrypted with my secret key. If decrypting the message with my public key works, you can be certain that I'm the guy who sent the message, not someone masquerading as me.

The idea with DKIM is that you put the public key for your encryption on your DNS server, so anyone can read it, and you make a checksum of your email with your hidden private key. When someone receives your email, they grab the public key and use that to confirm that your message matches the checksum and nobody has changed your name or message.

I've been fighting against DKIM for several months. I doubt there are many folks outside of the developers who really understand it. The how-to documents on the net are mostly "do this" with no explanation. I'm certain that the guys who wrote them just flailed until something worked, and then didn't dare touch it.

So, after a few bounces against how to format and label the public and private keys, I had a setup that almost worked. According to the validation sites, my mail had a DKIM checksum, my DNS had a matching public key, and the checksums did not match.

That last bit, "not match", was the killer.

Everything I could find indicated that I had everything set up correctly.

In fact, I did.

However, there's a little wrinkle here that I finally figured out last week.

Because I run Editomat, Noumena Corporation and my personal stuff from the house, my mailer needs to rewrite parts of the mail header to show that mail came from Noumena, Editomat, or me.

DKIM was creating the checksum *BEFORE* sendmail rewrote all the header information. After the data is changed, the checksum is wrong!
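The ordering problem described above, as an added example that is not part of the original post: it builds the digest a DKIM signature covers (RFC 6376 relaxed canonicalization) and shows that rewriting From after signing changes it, while signing after the rewrite does not. The addresses, domain and selector are constructed placeholders, each header is assumed to appear once, and the RSA step is left out because the signature can only verify when this digest is unchanged.

```python
import base64
import hashlib
import re

SIGNED = ["from", "to", "subject"]  # constructed h= list of signed headers

def relaxed_header(name, value):
    """RFC 6376 'relaxed' header canonicalization."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)      # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()    # collapse and trim whitespace
    return f"{name.lower()}:{value}\r\n"

def body_hash(body):
    """bh= tag: base64 SHA-256 of the relaxed-canonicalized body."""
    lines = [re.sub(r"[ \t]+", " ", l).rstrip(" ") for l in body.split("\r\n")]
    while lines and lines[-1] == "":                 # drop trailing empty lines
        lines.pop()
    canon = "".join(l + "\r\n" for l in lines)
    return base64.b64encode(hashlib.sha256(canon.encode()).digest()).decode()

def signed_digest(headers, body, domain, selector):
    """SHA-256 over the signed headers plus DKIM-Signature with an empty b=."""
    data = "".join(relaxed_header(h, headers[h]) for h in SIGNED)
    sig = (f"v=1; a=rsa-sha256; c=relaxed/relaxed; d={domain}; s={selector}; "
           f"h={':'.join(SIGNED)}; bh={body_hash(body)}; b=")
    data += relaxed_header("DKIM-Signature", sig)[:-2]  # no trailing CRLF
    return hashlib.sha256(data.encode()).hexdigest()

def verifies(signed, wire_headers, body, domain, selector):
    """True when the receiver recomputes the digest the signer signed."""
    return signed == signed_digest(wire_headers, body, domain, selector)

# Constructed sample message: what the client submits vs. what leaves the host.
BODY = "Draft attached.\r\n"
LOCAL = {"from": "user@mailhost.example.com", "to": "reader@example.org",
         "subject": "Draft"}
REWRITTEN = {**LOCAL, "from": "user@example.com"}

def demo():
    """(sign-then-rewrite verifies?, rewrite-then-sign verifies?)"""
    args = (BODY, "example.com", "sel1")
    early = signed_digest(LOCAL, *args)       # signed before the header rewrite
    late = signed_digest(REWRITTEN, *args)    # signed after the header rewrite
    return (verifies(early, REWRITTEN, *args), verifies(late, REWRITTEN, *args))

if __name__ == "__main__":
    print(demo())
```

Relaxed canonicalization forgives whitespace and case changes in header names, not a changed address, which is why the rewrite has to happen before the signer sees the message.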

If you know that's what you're looking for, you can find discussions about this on the net.

Once I realized what the problem was, it only took me a few hours to find the incantations for sendmail that would do things in the right order.

Basically, I flailed until it worked, and now I don't dare touch it.