The London Perl and Raku Workshop takes place on 26th Oct 2024. If your company depends on Perl, please consider sponsoring and/or attending.
This file summarizes what's changed between releases of Mail-DKIM.

1.20240619 2024-06-19 Australia/Melbourne
  * Remove version check for Net::DNS, this fixes issues when using a
    development version of Net::DNS

1.20240124 2024-01-24 UTC
  * ARC: Return fail for any ARC set with an instance number greater than 50.
    This brings ARC verification in line with DKIM verification limits.

1.20230911 2023-09-11 UTC
  * Option to add custom tags to generated ARC signatures and seals

1.20230630 2023-06-30 UTC
  * Add support for Ed25519 signature types
    Thanks to  Matthäus Wander @mwander
  * Option to add custom tags to generated signatures

1.20230212 2023-02-12 UTC
  + Fix typo in ARC signer example code.
    Thanks to @dev-aaront-org

1.20220520 2022-05-20 UTC
  + Change default algorithm in to sha-256
  + Use Getopt::Long::Descriptive in scripts for better command help

1.20220408 2022-04-08 UTC
  + Add support for signatures with an Expiration value

1.20200907 2020-09-07 UTC
  * ARC::Signer: Preserve leading fold from AR (if any) when copying to AAR.
    Thanks to @dev-aaront-org

1.20200824 2020-08-24 UTC
  * ARC::Signer: Set cv=none if message contains no ARC headers and no ARC result
    Thanks to @dev-aaront-org

1.20200724 2020-07-24 UTC
  * Fix test for change in live dns response

1.20200708 2020-07-08 UTC
  * Safer internal use of eval

1.20200513.1 2020-05-13 UTC
  * ARC: When sealing, don't die on an unparsable Authentication-Results header.


  2019-11-13: Marc Bradshaw <>

   Thanks to Martin Sluka <>
   * Prevent outer $SIG{__DIE__} handlers from being called

   Thanks to Todd Richmond
   * Lowercase q tag before use
   * Lowercase domain check
   * Strip quotes from in addition to other whitespace chars
   * Fix regex performance issue


  2019-10-08: Marc Bradshaw <>

   * Correct the $self->{result_reason} variable name for $self->{details} that is
     used by the parent class in Mail::DKIM::ARC::Signer


  2019-08-21: Marc Bradshaw <>

   * Properly verify the domain, not the instance, of an ARC signature.
     This allows ARC signatures by keys marked as no subdomains to
     validate correctly.


  2019-04-12: Marc Bradshaw <>

   * The authserv-id of an Authentication-Results header can contain
     CFWS, Use Mail::AuthenticationResults to parse the authserv-id
     from this field.
   * Improve parsing of authserv-id in ARC signer


  2018-10-12: Marc Bradshaw <>

   * The T tag on arcseal is not required


  2018-05-27: Marc Bradshaw <>

   * Make tests less dependent on local resolver setup
   * Add thanks to Valimail


  2018-01-12: Marc Bradshaw <>

   * Internet connection tests were declared in the wrong order


  2018-01-12: Marc Bradshaw <>

   * Fix for older versions of perl
   * Tests no longer fail with no internet connection


  2017-12-16: Marc Bradshaw <>

   * Added Strict mode to DKIM verifier
   * Code formatting fixes

  2017-12-14: John Levine <>

  * Make ARC code work a lot better
  * Add new and scripts
  * ARC code passing all tests and production ready.
  * Added strict mode to DKIM to reject sha1 and
    key sizes smaller than 1024 bit.


  2017-10-19: Marc Bradshaw <>

  * Added experimental support for ARC


   2017-09-20: Marc Bradshaw <>

   * Update tests for new DNS setup


   2017-07-29: Marc Bradshaw <>

   * Fix tests failing due to dns changes elsewhere
   * Moved to scripts directory


  2017-04-14: Marc Bradshaw <>

   * commit aac893fdbaa7f8ccd5d37fa7f20d1785406cda51
     Author: Marc Bradshaw <>
     Date:   Fri Mar 17 14:53:53 2017 +1100
      Avoid use of $_ in read loop
      RT 106485: Mail::DKIM::PrivateKey->load tampering $_ and <FILE>

   * commit 06934f259e392b2a3cf94560e6051d9e522d0bf3
     Author: Marc Bradshaw <>
     Date:   Fri Mar 17 14:44:44 2017 +1100
      Ensure PrivateKey file is closed properly.
      Store PrivateKey file handle in lexical variable and close it
      once we are done.
      RT 120638: Mail::DKIM::PrivateKey does not close FILE

   * commit 9e7c1c4cb78a6cb1cf396ece4379c7ed2c44c974
     Author: Marc Bradshaw <>
     Date:   Fri Feb 27 12:08:11 2015 +1100
      Allow greater control over signed headers

   * commit 8291c034dc7db4394e9df80e70b8cbe8428a38c2
     Author: Marc Bradshaw <>
     Date:   Fri Jan 23 09:54:02 2015 +1100
      Allow greater control over which headers are signed by Signer

  2013-02-07: Jason Long <>
   * lib/Mail/DKIM/ (add_signature): call fetch_public_key() iff
     the signature passes a validity check;
     (finish_header): set result to 'invalid' if signature does not have a
   * lib/Mail/DKIM/ (check_protocol): now returns a list of
     supported protocols, or an empty list if no supported protocols found.

  2013-02-06: Jason Long <>
   * t/corpus/good_83176.txt: add new email to test suite; this email contains
     a signature with a LIST of query methods, one of which is good, but the
     rest should be quietly ignored. This test currently fails.
   * lib/Mail/DKIM/ (check_protocol): support multiple methods being
     specified in signatures q= tag. We look for dns/txt to occur anywhere in
     the field; all other values are ignored.

   * Fix to better comply with DKIM specification:
      * DKIM signatures with multiple methods specified in q= tag are now
        accepted. Such signatures are not known to appear in real life.
        ( issue #83176)

   * Allow greater control over which headers are signed by Signer
      * Added the extended_headers() method to allow headers
        to be oversigned, or skipped.

   * bugfixes:
      * PrivateKey file is now closed correctly after being read.
      * Use lexical rather than named file handle


  2013-02-06: Jason Long <>
   * lib/Mail/DKIM/ revert change that enabled EDNS0 by default;
     provide enable_EDNS0() subroutine for enabling EDNS0
   * scripts/ sample verification script updated to enable
     EDNS0 before performing the verification

  2013-02-06: Jason Long <>
   * lib/Mail/DKIM/ set udppacketsize to 1240, which is small enough
     that packet fragmentation will not normally occur; use DNS txtdata()
     method on versions of Net::DNS that support it. (This patch contributed
     by Mark Martinec.)

  2013-02-04: Jason Long <>
   * lib/Mail/DKIM/ set default udppacketsize to 2048, which seems
     to be the suggested value to use in the Net::DNS documentation.

  2013-02-04: Jason Long <>
   * lib/Mail/DKIM/ avoid an 'uninitialized value' warning when
     signature being verified is missing a d= tag; accept a selector name
     of '0' rather than treating it as if the s= tag was missing
   * lib/Mail/DKIM/ sanity check selector/domain before
     attempting a DNS query (this fixes another 'uninitialized value' warning)
   * lib/Mail/DKIM/ avoid an 'uninitialized value' warning when
     calling identity() and d= tag is missing

  2013-02-04: Jason Long <>
   * lib/Mail/DKIM/ construct a default RESOLVER that sets
     udppacketsize to 1280. This enables EDNS0 (extension mechanism for DNS),
     allowing Mail::DKIM to handle larger keys.

  2012-11-28: Jason Long <>
   * lib/Mail/DKIM/ replace use of query() with send(), since it
     is never appropriate to append the default domain, and using send()
     paves the way to using bgsend() in the future for async dns.
     Contributed by Mark Martinec.
   * lib/Mail/DKIM/ add global variable $RESOLVER which the
     user can override if they want to specify options to Net::DNS.

  2012-11-28: Jason Long <>
   * lib/Mail/DKIM/ rewrite of line parsing logic to
     avoid unnecessary copying of the internal buffer. This replaces use
     of $self->{buf} with ${ $self->{buf_ref} } in many places. Patch
     contributed by Mark Martinec.

  2012-11-28: Jason Long <>
   * lib/Mail/DKIM/ throw proper error message if an invalid
     algorithm is requested
   * lib/Mail/DKIM/ further refinement to fix Perl warning
     about use of uninitialized value

  2011-04-21: Jason Long <>
   * lib/Mail/DKIM/ fix a Perl warning about use of an
     uninitialized value (reported by

  released 2013-02-07

   * New/changed functionality:
      * a single DNS resolver is created for the lifetime of the program,
        rather than reinitializing the resolver for each new query.

   * bugfixes:
      * fix the error message given when an invalid algorithm is
        specified in the construction of Mail::DKIM::Signer.
      * avoid Perl warning about use of an undefined value in several
        places ( issue #82913).
      * speed- improved performance of parsing the message into lines
        ( issue #77902). Patch by Mark Martinec.
      * fix DNS queries to use the correct method (txtdata) of Net::DNS
        ( issue #83170). Patch by Mark Martinec.

   * API changes:
      * global subroutines resolver() or enable_EDNS0() in module
        Mail::DKIM::DNS can be called to specify non-default options
        to Net::DNS::Resolver (see also issue #80425).


  2010-11-14: Jason Long <>
   * lib/Mail/DKIM/ fix an unusual error message given when
     no Key argument has been specified and it is time to load the

  2010-06-11: Jason Long <>
   * t/signer_dk.t: create regression tests for DomainKeys signature

  2010-06-11: Jason Long <>
   * lib/Mail/DKIM/,, Algorithm/
     (finish_header): provide reference to entire list of headers at
     completion of header, so that canonicalizers do not need to store
     their own copy of the header
   * lib/Mail/DKIM/Canonicalization/ do not store header as
     parsed, rather only canonicalize header within finish_header()
   * lib/Mail/DKIM/Canonicalization/ do not store header as
     parsed, rather only canonicalize header within finish_header()
   * lib/Mail/DKIM/Canonicalization/ (finish_header): change API
   * t/simple_canonicalization.t: update for the API change of

  2010-06-03: Jason Long <>
   * lib/Mail/DKIM/ prevent abuse- if a message has more than
     50 signatures headers, we start ignoring them (it's unreasonable for
     a message to have more than a very few signature headers).

  2010-04-08: Jason Long <>
   * t/verifier.t: wrote some tests for DomainKey signatures with empty,
     missing, or invalid q= tag values
   * lib/Mail/DKIM/ move use of check_signature_identity() out
     of finish_header() and into check_and_verify_signature(); this fixes
     an issue with getting wrong error codes when q= tag is broken.

  released 2010-11-14

   * bugfixes:
      * fix issue with getting wrong error codes when q= tag is empty
        (issue #3011005)
      * anti-abuse- prevent a message with thousands of signatures from
        thrashing the whole computer (issue #3010997)
      * memory usage- significantly reduced memory footprint for
        processing a message with a large header and many signatures
      * fix error message given when no KeyFile has been specified
        (issue #1889690)

   * API changes:
      * the Canonicalization::finish_header() method now expects a
        argument to be passed to it. In the unusual case that you are
        using this method from your own code, please update your code.


  2010-03-31: Jason Long <>
   * lib/Mail/DKIM/, avoid calling lc() on
     an undefined value (this generates warnings in Perl 5.12.x).
     Patch contributed by Mark Martinec.

  2010-03-01: Jason Long <>
   * lib/Mail/DKIM/ (load): fix bug where a private key file
     named '0' could not be loaded

  2010-03-01: Jason Long <>
   * lib/Mail/DKIM/ (new): accept Key parameter when
     constructing a DomainKey signature object

  2010-02-27: Jason Long <>
   * t/external_signer.t: test use of an alternate object for Key
     during a "sign" operation

  2010-02-24: Jason Long <>
   * lib/Mail/DKIM/ document use of an alternate object for
     PrivateKey objects

  2010-02-24: Jason Long <>
   * lib/Mail/DKIM/ import in this module,
     rather than in the Algorithm modules

  2010-02-24: Jason Long <>
   * lib/Mail/DKIM/ document the sign_digest() method
   * lib/Mail/DKIM/Algorithm/*: use sign_digest() rather than

  2010-01-23: Jason Long <>
   * t/public_key.t: test that DNS failure reason is given, when
     DNS returns no results
   * lib/Mail/DKIM/ bugfix (introduced by async_dns branch):
     preserve $@ in case of no error

  2010-01-23: Jason Long <>
   * lib/Mail/DKIM/{DNS,Signature,PublicKey,Policy}.pm: merged my
     "async dns" branch

  --BEGIN "ASYNC DNS" branch
  2009-07-10: Jason Long <>
   * lib/Mail/DKIM/ new fetch_async method, seems to work

  2009-07-10: Jason Long <>
   * lib/Mail/DKIM/ new fetch_public_key method,
     which starts an asynchronous query for the public key
     referenced by this signature; redesign get_public_key to
     know how to complete the query

  2009-07-10: Jason Long <>
   * lib/Mail/DKIM/ new fetch_async method: starts a
     query and returns a subref that when called will complete the

  2009-07-10: Jason Long <>
   * lib/Mail/DKIM/ new query_async method: starts a query and
     returns a subref that when called will complete the query
  --END "ASYNC DNS" branch

  2009-12-14: Jason Long <>
   * MANIFEST: include script in tarball

  2009-09-08: Jason Long <>
   * lib/Mail/DKIM/ restart timer after a DNS lookup; based on a
     patch contributed by Mark Martinec

  released 2010-03-31

   * New/changed functionality:
      * DNS lookups can now be started asynchronously; the queries are
        created as the header is parsed; the results are not actually
        needed until the entire message has been read. (The Mail::DKIM
        module does not yet do the queries asynchrously; this is just
        the infrastructure so that the queries can be asynchronous in
        the future.)

   * bugfixes:
      * DNS lookup overrides alarm() signal (issue #2854325)

   * documentation updates:
      * document use of custom PrivateKey object, for external signing
      * describe how to get "pretty signatures" in


  2009-09-02: Jason Long <>
   * t/adsp.t: a test script for checking
   * lib/Mail/DKIM/ use d= tag not i= tag when
     checking for first-party signatures; fix for testing() method
     not found error; fix for "all" and "discardable" not doing the
     right thing
  2009-08-14: Jason Long <>
   * a sample script showing how to use Mail::DKIM
     with MIME::Lite

  2009-07-10: Jason Long <>
   * lib/Mail/DKIM/ revert ability for subclasses to
     override behavior of no-results DNS query
   * lib/Mail/DKIM/ if ADSP record is not found,
     check whether the domain itself exists
   * t/policy.t: add a test for the ADSP record causing a DNS error
     but the domain itself still existing

  2009-07-10: Jason Long <>
   * t/public_key.t: refine the testing for DNS timeouts and SERVFAIL
   * t/policy.t: add some tests for DNS failures during policy queries
   * lib/Mail/DKIM/ more explicit documentation
     describing how DNS errors (and NXDOMAIN results) are handled

  2009-07-09: Jason Long <>
   * lib/Mail/DKIM/ allow subclasses to override behavior
     when DNS query returns no records
   * lib/Mail/DKIM/ when DNS query returns no
     records, check the domain itself and possibly die.

  2009-07-09: Jason Long <>
   * lib/Mail/DKIM/ wasn't using the right API to get
     the ADSP policy

  2009-07-09: Jason Long <>
   * lib/Mail/DKIM/, changed the
     format of how methods are documented

  2009-07-07: Jason Long <>
   * lib/Mail/DKIM/, add a
     description of the class to the documentation

  2009-06-09: Jason Long <>
   * scripts/ fix typo in the debugging output

  2009-06-09: Jason Long <>
   * t/signer.t: test case for bug 2803465: space between header field
     name and colon cause signature to skip that header
   * lib/Mail/DKIM/ (add_header): fix regexp so that a space
     between the header field name and the colon is not treated as part
     of the header field name (issue #2803465)

  2009-06-02: Jason Long <>
   * t/policy.t: test for the as_string() method

  released 2009-09-08

   * New/changed functionality:
      * ADSP records now check whether the domain itself exists, in
        accordance to the ADSP specification

   * bugfixes:
      * fixed regexp used to detect header field names (issue #2803465)
      * various fixes to ADSP checking


  2009-06-02: Jason Long <>
   * lib/Mail/DKIM/ (as_string): restore this method which was
     accidentally removed in 0.34.

  released 2009-06-02

   * API changes:
      * restore the as_string() method which was accidentally removed
        in version 0.34


  2009-05-22: Jason Long <>
   * t/signer.t: add a test-case of a message with 10000's of blank
     lines; this seems to DoS the canonicalization routines
   * lib/Mail/DKIM/Canonicalization/{simple,relaxed,dk_simple}.pm:
     fix for bug reported on amavis-user list, patch provided by
     Mark Martinec. Thanks!

  released 2009-05-22

   * bugfixes:
      * fixed a runaway regular expression in the canonicalization
        routines (patch provided by Mark Martinec)


  2009-05-20: Jason Long <>
   * lib/Mail/ rewrite the description section of the Mail::DKIM
     man page
   * lib/Mail/DKIM/ document fetch_author_domain_policies()
   * Makefile.PL: release 0.34

  2009-05-18: Jason Long <>
   * t/signer.t: add a test-case of a message without a header
   * lib/Mail/DKIM/ (init): initialize variables used by methods
     in this class; fixes RT.CPAN.ORG bug #46179

  2009-04-04: Jason Long <>
   * lib/Mail/DKIM/ (fetch_author_domain_policies): new method
     for fetching ADSP records for a particular message

  2009-04-03: Jason Long <>
   * lib/Mail/DKIM/ moved the DomainKeys-specific policy
     stuff from to here
   * t/policy.t: change tests to use DkPolicy instead of Policy
   * lib/Mail/DKIM/ (fetch_sender_policy): use DkPolicy
     class instead of Policy class

  2009-04-03: Jason Long <>
   * lib/Mail/DKIM/ first draft of ADSP support

  2009-04-03: Jason Long <>
   * lib/Mail/DKIM/ rename fetch_policies() to policies()
   * scripts/ replace use of fetch_policies() with

  2009-03-30: Jason Long <>
   * lib/Mail/DKIM/ document a "temperror" result, which
     I will soon provide support for

  2009-03-30: Jason Long <>
   * t/verifier.t: add support for testing DNS failures; add tests for
     detail messages of public key errors
   * t/verifier.t: add some tests of DNS failures

  2009-03-30: Jason Long <>
   * lib/Mail/DKIM/ (get_public_key): remember errors and
     always report them the same way

  2009-03-30: Jason Long <>
   * lib/Mail/DKIM/, new method "name" to give a
     short name of the policy
   * scripts/ use the new fetch_policies() api to list
     the results of applicable policies

  2009-03-24: Jason Long <>
   * lib/Mail/DKIM/ (fetch_policies): new method for fetching
     all applicable policies, and is guaranteed not to "die".

  2009-03-24: Jason Long <>
   * lib/Mail/DKIM/ use a global variable to specify what Timeout
     to use
   * lib/Mail/DKIM/ detect DNS resolver errors and report them
   * t/public_key.t: test various DNS failures

  2009-03-10: Jason Long <>
   * t/simple_canonicalization.t: fix simple-canonicalization test, which
     broke when I removed support for prestandardized DKIM signatures

  2009-03-10: Jason Long <>
   * lib/Mail/DKIM/Algorithm/*, lib/Mail/DKIM/Canonicalization/*,
     lib/Mail/DKIM/, t/verifier.t: remove support and tests
     for the prestandardized DKIM signatures (issue #1871948)
   * Makefile.PL: bump version

  released 2009-05-20

   * New/changed functionality:
      * support for ADSP (author-domain-signing-practices) records
      * removed support for pre-standardized DKIM signatures (i.e. these
        are DKIM signatures without a v= or bh= tag).
      * DNS resolver errors are detected and reported as such

   * API changes:
      * renamed Mail::DKIM::Policy to Mail::DKIM::DkPolicy. Programs using
        the former name to create policy objects directly (though it would
        be more expected to fetch the objects through
        Mail::DKIM::Verifier) should update their code
      * new policies() method in Mail::DKIM::Verifier for fetching all
        applicable sender/author signing policies

   * bugfixes:
      * Signer object would die if first line of input wasn't a header
        ( issue #46179)


  2009-03-10: Jason Long <>
   * Makefile.PL: release "0.33"

  2008-11-19: Jason Long <>
   * lib/Mail/DKIM/, (DEFAULT_PREFIX): new
     method which determines what prefix to use in as_string, prettify,
   * lib/Mail/DKIM/ (wrap): when splitting the h= field,
     only allow breaks prior to ':' symbols

  2008-11-19: Jason Long <>
   * t/signature.t: further checks for prettify signatures (found a case
     where the new code caused a regression)
   * lib/Mail/DKIM/ (flush): remember to update cur position
     when flushing text; use a "may_break" internal variable to know
     whether a linebreak is acceptable; other fixes
   * t/textwrap.t: another test case illustrating failure in
   * lib/Mail/DKIM/ (wrap): call flush() right after the
     ';' character; this is a further fix for #2257046.

  2008-11-10: Jason Long <>
   * lib/Mail/DKIM/ (flush): new method to explicitly allow a
     break at the current point in the string
   * lib/Mail/DKIM/ (wrap): call flush() whenever changing
     TextWrap parameters (this should complete the fix for #2257046)

  2008-11-06: Jason Long <>
   * t/signature.t: test Mark Martinec's bad-signature-wrapping bug

  2008-11-06: Jason Long <>
   * t/verifier.t: use a "fake" dns implementation, so that this test
     will pass no matter the user's state of dns

  2008-11-06: Jason Long <>
   * lib/Mail/DKIM/ (query): changed API so that it now returns
     a list of Net::DNS::RR objects, rather than a Net::DNS::Packet object.
   * lib/Mail/DKIM/ update for the change to the api.
   * lib/Mail/DKIM/ update for the change to the api.

  2008-11-06: Jason Long <>
   * lib/Mail/DKIM/ (encode_qp, decode_qp): suppress a warning
     about an uninitialized value
   * lib/Mail/DKIM/ (message_originator, message_sender): if a
     From/Sender line is present, but blank, still return a valid object
     (issue #2126559)
   * t/public_key.t: new test to check for DNS problems

  released 2009-03-10

   * bugfixes:
      * signature wrapping would sometimes cause improper preparation of
        DKIM signatures, with "simple" canonicalization (issue #2257046)
   * test scripts:
      * the included corpus is now verified using a fake-DNS resolver,
        which means the test corpus can validate even when your DNS
        servers are really slow


  2008-05-09: Jason Long <>
   * lib/Mail/DKIM/Algorithm/ when populating a DomainKey
     signature's identity, record where the identity came from
   * lib/Mail/DKIM/ (identity_source): make the source of
     the identity (i.e. sender header or from header) available as a

  2008-05-09: Jason Long <>
   * lib/Mail/DKIM/ (identity): do quoted-printable encoding/
     decoding for the i= tag (issue #1839015)
   * t/corpus/good_qp_1.txt, good_qp_2.txt, good_qp_3.txt: three test
     files for identities using quoted-printable encoding

  2008-04-14: Jason Long <>
   * lib/Mail/DKIM/ documentation for get_tag()

  2008-04-14: Jason Long <>
   * lib/Mail/DKIM/ (check_granularity): do case-sensitive
     comparison (issue #1938112)

  2008-04-14: Jason Long <>
   * t/corpus/badkey_12.txt: fix g= case-sensitivity test so it won't give
     false positives on dkim-milter
   * t/corpus/badkey_13.txt: test that the verifier checks granularity
     against i= tag, not the From header

  2008-04-14: Jason Long <>
   * lib/Mail/DKIM/Algorithm/, replace use of
     Digest::SHA1 with equivalent Digest::SHA
   * Makefile.PL: remove requirement for Digest::SHA1

  2008-04-14: Jason Long <>
   * Makefile.PL: bump version

  released 2008-06-03

   * removed requirement for Digest::SHA1 (issue #1832549).
      We now use the more capable Digest::SHA module for SHA-1 and SHA-256.
   * bugfixes:
      * granularity checking should be case-sensitive (issue #1938112).
      * identity tag now uses quoted-printable encoding (issue #1839015).
   * API improvement:
      * implemented identity_source() for DkSignature objects 


  2008-04-08: Jason Long <>
   * lib/Mail/DKIM/ allow Cork argument to new() (#1879209)

  2008-04-07: Jason Long <>
   * lib/Mail/DKIM/ fix "use of uninitialized value in string"
   * lib/Mail/DKIM/ provide public API to public-key object of
     signatures, e.g. so its flags can be accessed (issue #1879215);
     also, if an error occurs fetching the public-key record, the failure
     is cached so it won't get tried again
   * lib/Mail/DKIM/ document how to create a DomainKey-Signature

  2008-02-20: Jason Long <>
   * lib/Mail/DKIM/ implement BreakBefore option;
     provided a bunch of documentation for this module
   * t/textwrap.t: tests new functionality of TextWrap
   * lib/Mail/DKIM/ colon-separated lists are now "wrapped"
     with colons appearing at the beginning of the next line instead of
     at the end of the current line (hoping this will fix #1868648)

  2008-02-06: Jason Long <>
   * lib/Mail/DKIM/ conserve space by omitting "c=simple"
     and "q=dns/txt" (#1878518)

  2008-02-06: Jason Long <>
   * lib/Mail/DKIM/Canonicalization/,
     bugfix for issue #1878954 (undef value used as an ARRAY ref)
   * lib/Mail/DKIM/Canonicalization/ some cleanup,
     possible bugfix for verifying message with two+ DomainKey signatures
   * lib/Mail/DKIM/ allow caller of fetch_author_policy() to
     specify domain (#1879197)
   * lib/Mail/DKIM/ cleanup- indentation style;
     throw error on load() if missing argument

  2008-01-24: Jason Long <>
   * lib/Mail/DKIM/,,,
     fix parsing regexes used to split email address into localpart and
     domain (issue #1878994)

  2008-01-10: Jason Long <>
   * Makefile.PL: bump version
   * lib/Mail/DKIM/ make sure all public key problems are
     prefixed with "public key:" (most were already, see below for actual
   * lib/Mail/DKIM/ since is providing the "public
     key:" prefix, it can be omitted in error messages
   * lib/Mail/DKIM/Verifier: the following result_detail messages have changed:
       "no public key available" => "public key: not available"
       "key value list syntax error" => "syntax error"
                                     or "public key: syntax error"
   * t/verifier.t: test that "public key" is mentioned

  released 2008-04-14

   * some error detail messages were changed (see ChangeLog, 2008-01-10 entry)
   * by default, and when possible, DKIM signatures now omit c= and q= tags
      (they are optional tags) (issue #1878518)
   * DKIM and DomainKey signatures are now wrapped so that line breaks
      occur before colon (':') separators instead of after; this avoids
      confusing some broken MUAs (issue #1868648)
   * bugfixes:
      * "undef value" error when DKIM signature appears at end of header
        (issue #1878954)
      * use proper regexp for splitting email address (issue #1878994)
   * API improvements:
      * can specify a domain for fetch_author_policy() (issue #1879197)
      * can access a signature's public-key object (issue #1879215)
      * can specify an OpenSSL-private-key object for PrivateKey->new()
        (issue #1879209)


  2008-01-24: Jason Long <>
   * lib/Mail/DKIM/Algorithm/*: implement wants_pre_signature_headers()
     for each algorithm
   * lib/Mail/DKIM/ if the algorithm "wants_pre_signature_headers",
     then feed headers found prior to the signature to the
     signature-specific algorithm doing the verification. This fixes an
     issue where signatures from fail to verify (reported by
     Mark Martinec).

  released 2008-01-24

   * bugfix:
     * email from was failing to verify (issue #1878523)


  2007-12-10: Jason Long <>
   * lib/Mail/DKIM/ (is_subdomain): do case-insensitive
   * t/corpus/good_dk_7.txt: tests DK signature with domain names that
     differ only in case
   * t/corpus/good_rfc4871_4.txt: tests DKIM signature with i= and d=
     contain domain names differing in case
   * t/corpus/badkey_12.txt: tests public key where i=JLong, g=jl*ng

  2007-12-07: Jason Long <>
   * t/verifier.t: three new DK tests
   * t/corpus/good_dk_6.txt: tests DK signature without h= tag
   * t/corpus/bad_dk_2.txt: tests DK signature w/o h= tag, Sender has
     been added
   * t/corpus/dk_multiple_1.txt: tests two DK signatures (with different
     domains) in a single message... both should pass
   * Makefile.PL: version bump

  2007-12-07: Jason Long <>
   * lib/Mail/DKIM/, lib/Mail/DKIM/Algorithm/,
     domainkeys: determine identity from algorithm object.  Currently the
     DomainKeys identity is determined by the Verifier.  It is
     theoretically possible for two different DomainKeys signatures on
     the same message to have different identities.  (This happens when
     one DomainKey signature includes a Sender header, and the other one
     does not.) This patch moves the determination of identity to the
     algorithm object.

  2007-12-07: Jason Long <>
   * lib/Mail/DKIM/, lib/Mail/DKIM/ initialize
     signatures early.  This patch makes Mail::DKIM::Verifier initialize
     and check the signature object as soon as it is parsed, and
     subsequent headers are fed into the algorithm as they are read,
     instead of waiting for the end of header.
   * lib/Mail/DKIM/ fix DK identity.  The previous patch broke
     identity-checking for DomainKeys signatures.  This patch moves some
     things around so that identity checking still works.

  2007-12-07: Jason Long <>
   * lib/Mail/DKIM/ (add_signature): changed to take a
     signature object, instead of an unparsed header line

  2007-11-21: Jason Long <>
   * t/corpus/bad_dk_2.txt renamed to dk_headers_2.txt: revert this
     rename from earlier... the message should "pass" after
     all (the Sender header was not part of the signature)

  2007-11-21: Jason Long <>
   * lib/Mail/DKIM/ provide documentation for Key parameter
   * lib/Mail/DKIM/ created documentation for this package
   * lib/Mail/DKIM/ implement Key parameter for constructor,
     and key() method to get/set the private key

  2007-11-14: Jason Long <>
   * lib/Mail/DKIM/ for DomainKeys signatures, use the message
     sender as the identity
   * lib/Mail/DKIM/ allow verifier to supply the signing
   * lib/Mail/DKIM/, hack for allowing
     DomainKeys signatures to use public keys with empty g= tags

  2007-11-14: Jason Long <>
   * lib/Mail/DKIM/, update documentation for
     message_sender() and message_originator() methods, which are now
     guaranteed to return an object
   * lib/Mail/DKIM/ (message_sender, message_originator):
     always return a Mail::Address object, even if the relevant headers
     were not found
   * t/corpus/dk_headers_2.txt renamed to bad_dk_2.txt: it turns out this
     message should've been failing all along, since the Sender header
     doesn't match the domain of the signature
   * lib/Mail/DKIM/ slight change to the "unsupported version"
     detail message (don't want nested parenthesis)

  2007-11-14: Jason Long <>
   * t/corpus/goodkey_4.txt: tests signature with i=a@b, public key implied g=
   * lib/Mail/DKIM/ (check_granularity): fixed broken
     ends-with check, reported by Mark Martinec
   * t/corpus/good_dk_3.txt, good_dk_4.txt, good_dk_5.txt:
     these files test DomainKeys signatures with g= values in the public keys
   * t/corpus/bad_dk_1.txt: this one should fail, since the signature
     domain does not match the From/Sender header
   * scripts/ added option to override signature's d= tag
   * t/corpus/badkey_11.txt: tests a valid, but unmatched h= in public key

  2007-11-08: Jason Long <>
   * lib/Mail/DKIM/Canonicalization/,
     more speed-up optimizations by Mark Martinec, now multiple lines
     at once can be fed into the canonicalization bits

  2007-11-08: Jason Long <>
   * Makefile.PL, others: version bump to 0.30

  2007-11-08: Jason Long <>
   * lib/Mail/DKIM/ minor doc edit
   * scripts/ generate "pretty" signatures;
     die on unrecognized signature type

  2007-11-07: Jason Long <>
   * lib/Mail/DKIM/Algorithm/ cleanup (delete commented-out code)
   * lib/Mail/DKIM/Algorithm/ (finish_message): fix bug
     where DomainKeys signatures were not "pretty",
     reported by Byung-Hee HWANG.

  2007-11-07: Jason Long <>
   * lib/Mail/DKIM/ allow Timestamp to be specified to new()
   * lib/Mail/DKIM/ allow Timestamp to be specified to new(),
     requested by Mark Martinec
   * t/signer.t: test timestamp creation

  2007-11-06: Jason Long <>
   * lib/Mail/DKIM/Canonicalization/,
     lib/Mail/DKIM/ speedup optimizations contributed
     by Mark Martinec.
   * lib/Mail/DKIM/Canonicalization/dk_simple,pm
     lib/Mail/DKIM/Canonicalization/ more speed up optimizations
     by Mark Martinec.

  released 2008-01-10

   * includes speed-up optimizations by Mark Martinec
   * DomainKeys, implement proper identity matching...
     a DomainKey-Signature's domain should match the From/Sender address
   * several more test cases
   * API improvements:
     * accept additional arguments when creating Signer/Signature
   * bugfixes:
     * DomainKey-Signature headers were not "prettified"
     * granularity ending with '*' was not checked correctly
     * DomainKey-Signature granularity was checked against the wrong value


  2007-11-07: Jason Long <>
   * lib/Mail/DKIM/ signatures() is now public

  2007-10-30: Jason Long <>
   * t/corpus/good_rfc4871_3.txt: to test extra tags in signature
   * scripts/ allow user to specify arbitrary extra tags for
     putting in the signature
   * lib/Mail/DKIM/ make "not implemented" messages
     more helpful
   * t/corpus/badkey_10.txt: to test key with t=s
   * lib/Mail/DKIM/ allow check_granularity() to return different
     detail messages; describe two additional result_detail possibilities
   * lib/Mail/DKIM/ (check_granularity): check for empty g= value;
     check for subdomain usage;
     (subdomain_flag): helper method to look for "s" in flags
     (flags): return default value if no t= tag

  2007-10-26: Jason Long <>
   * t/corpus/badkey_9.txt: to test empty g= in selector
   * t/corpus/ignore_8.txt: to test bad i= value in signature
   * lib/Mail/DKIM/ check signature identity value

  2007-10-24: Jason Long <>
   * t/corpus/badkey_8.txt, ignore_5.txt, ignore_6.txt: fix signature so
     it would verify if not for the flaw in the public key
   * scripts/ allow key protocol to be specified on command
   * lib/Mail/DKIM/ update documentation on possible error
   * lib/Mail/DKIM/ cleanup error code

  2007-10-24: Jason Long <>
   * t/corpus/badkey_*.txt: changed subjects to indicate which test it is
   * t/corpus/badkey_7.txt, badkey_8.txt, goodkey_1.txt, goodkey_2.txt,
     goodkey_3.txt: additional tests of public key features
   * t/corpus/verifier.t: test the new test messages
   * lib/Mail/DKIM/ (check_public_key): check key granularity
     and report the problem if it doesn't match
   * lib/Mail/DKIM/ (check_granularity): a method for testing
     the granularity
     (granularity): return the default value of '*' if g= not defined
   * scripts/ ability to set i= tag from command-line

  2007-10-24: Jason Long <>
   * lib/Mail/DKIM/ (check_signature): do signature version check
     (finish_header): report invalid signature details to the signature
     (signatures): return all parsed signatures, not just "valid" signatures
   * lib/Mail/DKIM/ some misc. cleanup
     (check_version): version check is now a separate method, rather than
     being part of parse()
   * lib/Mail/DKIM/ (check_version): always true
   * t/corpus/multiple_2.txt: a message testing multiple signatures with
     different results
   * t/verifier.t: verify that each signature's results are available and

  2007-10-24: Jason Long <>
   * t/corpus/ignore_7.txt: a message with an expired signature
   * lib/Mail/DKIM/ recognize Expiration as a parameter
   * scripts/ make it possible to create a signature with an
     x= tag
   * t/verifier.t: test ignore_7.txt message, should "ignore"
   * lib/Mail/DKIM/ check signature expiration when verifying
   * lib/Mail/DKIM/ (check_expiration): new method

  2007-10-08: Jason Long <>
   * lib/Mail/DKIM/ use "Key" property instead of "private" to
     store the private key; new methods key() and key_file(); allow each
     signature to have its own private key
   * t/signer_policy.t: test specifying a key file in a policy

  2007-10-04: Jason Long <>
   * lib/Mail/DKIM/ return nonzero for PRINT and CLOSE
   * lib/Mail/DKIM/ make expiration() for DomainKey-Signature
     behave more compatibly with expiration() for DKIM-Signature
   * lib/Mail/DKIM/ remove dependency on Error module
   * README: what I'm interested in if make test fails
   * lib/Mail/DKIM/ fix bug reported by dairiki, who noticed that
     the Signer class ignored the signature-specified algorithm when
     building the algorithm object
   * scripts/ update POD a bit
   * scripts/ add POD
   * lib/Mail/DKIM/Canonicalization/, Algorithm/
     add see also, author, copyright sections to POD
   * lib/Mail/DKIM/Algorithm/, remove useless pod
   * ...and others...: inline documentation (POD) cleanup

  2007-10-03: Jason Long <>
   * lib/Mail/DKIM/Canonicalization/ attempt at making the
     header handling algorithm easier to understand
   * t/signer.t: test case for unreadable private key
   * lib/Mail/DKIM/ die if unable to open private key file
   * lib/Mail/DKIM/ no more need for a separate existance check
     on the private key filename
   * lib/Mail/DKIM/ allow Identity to be specified in new()
   * lib/Mail/DKIM/ allow Identity to be specified in new()
   * t/signer.t: test that specifying Identity works

  2007-10-02: Jason Long <>
   * lib/Mail/DKIM/Canonicalization/ there are some varying
     opinions about how to verify DomainKey-signed messages when there is
     an h= tag and the headers are in a different order... this is an
     attempt at making our verifier more compatible with other
   * dk_headers.txt: some notes on multiple-occuring headers

  2007-09-06: Jason Long <>
   * lib/Mail/DKIM/ (get_lookup_name): new method that determines
     the name of the record to lookup
   * lib/Mail/DKIM/ no longer need to override fetch(), now
     it just overrides get_lookup_name()

  released 2007-11-08

   * verifiers can now access all parsed signatures and their results,
     not just signatures that were fully tested
   * signer policies can now specify what private key file to use
   * some other minor API improvements
   * bugfixes:
     * for DomainKeys signatures, fixed a compatibility issue handling
       the h= tag
     * for DKIM, signature expirations had been ignored
     * for DKIM, signature identities did not have to match the domain
     * for DKIM, public key granularity field had been ignored


  2007-07-31: Jason Long <>
   * Makefile.PL: OpenSSL 0.23 segfaults on certain signatures, so
     the requirement is now Crypt::OpenSSL::RSA 0.24 or better
   * lib/Mail/DKIM/ don't split the header in the middle
     of a tag name

  released 2007-07-31

   * fixed a bug with line-wrapping a signature at the wrong place


  2007-07-25: Jason Long <>
   * lib/Mail/DKIM/ (identity_matches): new method to help
     comparing a From/Sender address with the signature identity
   * lib/Mail/DKIM/, use identity_matches function

  2007-07-18: Jason Long <>
   * lib/Mail/DKIM/ changed fetch_policy() back to
     fetch_author_policy(); added fetch_sender_policy();
     save results for each signature
   * lib/Mail/DKIM/ now implements just Dk policies
   * lib/Mail/DKIM/ a new module for DKIM signing practices
   * lib/Mail/DKIM/ can now get/set the verification result
     for each signature
   * scripts/ handle DOS-formated input
   * scripts/ show multiple signatures' results; show
     both policy results

  2007-06-11: Jason Long <>
   * lib/Mail/DKIM/ public_key no longer available as a
     verifier property; use eval block instead of try...otherwise;
     experimental signatures() method
   * lib/Mail/DKIM/ added description section to Perldocs;
     replaced a couple try...otherwise blocks with eval blocks

  2007-06-08: Jason Long <>
   * policies.txt: some thoughts on dealing with two different types of
     policy records
   * lib/Mail/DKIM/ default() is now a private class method
   * lib/Mail/DKIM/ moved DNS query to
   * lib/Mail/DKIM/ moved DNS query to
   * lib/Mail/DKIM/ new module that does the common DNS lookups

  2007-06-07: Jason Long <>
   * lib/Mail/DKIM/ change "parse Mail::Address" to my preferred
     "Mail::Address->parse" style
   * t/policy.t: test policy lookup by email address instead of domain;
     test policy lookups on a few well known domains
   * lib/Mail/DKIM/ minor doc changes; renamed
     fetch_author_policy() to fetch_policy(); fetch_author_policy still
     works for backward compatibility
   * lib/Mail/DKIM/ allow lookups given sender/from addresses
     (location): new method to determine where the policy came from

  2007-06-05: Jason Long <>
   * lib/Mail/DKIM/ create the default policy only once;
     (is_implied_default_policy): new method to check whether the policy
     was explicit or implied
     (fetch): get policy record at the Yahoo!-DomainKeys-defined location,
     rather than the location in the not-yet-finished DKIM SSP spec.
   * t/policy.t: test is_implied_default_policy method

  released 2007-07-25

   * Sender signing policies are now better implemented
   * Both Yahoo! DomainKeys signing policies and the under-development
     IETF DKIM signing policies are supported
      * Yahoo! DomainKeys policies can protect the Sender: header
      * DKIM signing policies can protect the From: header
     Look at Mail::DKIM::Verifier's fetch_author_policy() and
     fetch_sender_policy() methods for hints.


  2007-05-24: Jason Long <>
   * lib/Mail/DKIM/ accept and use v=1 tag instead of v=0.5
   * lib/Mail/DKIM/ oops, left a syntax error in here
   * t/signer.t: new expected signature value, since signature now has v=1

  2007-05-10: Jason Long <>
   * lib/Mail/DKIM/ simplify error handling in fetch()
   * lib/Mail/DKIM/ simplify error handling in fetch()

  released 2007-05-24

   * recognize and generate v=1 signatures (DKIM is now RFC 4871)


  2007-05-10: Jason Long <>
   * lib/Mail/DKIM/ separator should be "\015\012" not "\n";
     allow splitting on whitespace in a colon-separated list value
   * Makefile.PL: it seems version 0.22 or better is required of

  2007-05-01: Jason Long <>
   * t/signature.t: test prettify_safe()
   * lib/Mail/DKIM/ new wrapping module to help with prettifying
     the signature
   * lib/Mail/DKIM/ (wrap): new method to help wrap the
   * lib/Mail/DKIM/ wrap the signature
   * lib/Mail/DKIM/Algorithm/ oops, prettify() should only be called
     when we're _making_ the signature
   * lib/Mail/DKIM/ (wrap): only do something if TextWrap
     has been loaded (no longer automatically load it)
   * lib/Mail/DKIM/ (prettify): better default value for Start

  2007-04-16: Jason Long <>
   * t/signature.t: test that prettify() doesn't choke
   * lib/Mail/DKIM/Algorithm/ call prettify() before hashing the
     signature header
   * lib/Mail/DKIM/ call prettify_safe() after generating the
     signature data
   * lib/Mail/DKIM/ stubs for prettify() and prettify_safe()
   * lib/Mail/DKIM/ parse() can now be called on an existing
     key-value-list to regenerate the tag data from a string

  2007-04-15: Jason Long <>
   * lib/Mail/DKIM/ bug fix- if Net::DNS caused an exception,
     there was a race condition for resetting the alarm
   * lib/Mail/DKIM/ limit which headers are signed
   * t/signer.t: test that undesirable headers are not signed

  released 2007-05-10

   * we now only sign headers that IETF recommends for signing
   * it's now possible to "prettify" outgoing signatures, but this feature
     is not enabled by default. To enable, do a "use Mail::DKIM::TextWrap"
     in your program that signs messages. (This may change in a future


  2007-03-09: Jason Long <>
   * lib/Mail/DKIM/, lib/Mail/DKIM/,
     lib/Mail/DKIM/ fix for linebreaks in public key data;
     provided by Mark Martinec.
   * lib/Mail/DKIM/ fix default value q=dns/txt; this fixes a bug
     for DKIM signatures without q= tags
   * t/verifier.t: added six new tests that test problems with the public key
     (e.g. revoked, syntax, etc.)

  released 2007-03-13

   * fixes two bugs, see ChangeLog for details
   * fixed a bug with public keys (in DNS) containing linebreak characters
   * fixed a bug with DKIM signatures not including the optional q= tag


  2007-02-22: Jason Long <>
   * lib/Mail/DKIM/ catch certain OpenSSL errors; tweak
   * lib/Mail/DKIM/ changed OpenSSL error catching code to
     match that found in PublicKey; document more possible diagnostic codes
   * lib/Mail/DKIM/ tweaked diagnostics for missing public key
   * Makefile.PL: check for Test::Simple, which is required for `make test'

  2007-02-21: Jason Long <>
   * t/signer_policy.t: signature should still work even if no value is
     returned from signer policy
   * t/signer.t: now uses v=0.5 signature, which changes the signature
   * t/verifier.t: added three tests of empty body messages
   * lib/Mail/DKIM/ fixed bug where if signer policy was a
     sub ref, and didn't return a true value, the message would get skipped
   * lib/Mail/DKIM/Canonicalization/ argh, hack for handling
     empty body
   * lib/Mail/DKIM/ fixed bug in handling of messages
     without bodies
   * lib/Mail/DKIM/ output v=0.5 signatures now
   * scripts/ new --binary option to disable line-ending conversion

  2007-02-19: Jason Long <>
   * lib/Mail/DKIM/DkSignature: provide default value for a= tag
     (thanks to for the patch)
   * t/corpus/good_dk_2.txt: test for missing q= and a= tags on DomainKey

  2007-02-09: Jason Long <>
   * lib/Mail/DKIM/, better diagnostic messages;
     allow missing q= tag for domainkey signatures
     (thanks to for the patch)

  released 2007-02-22

   * fixes some issues with verifying DomainKeys signatures
   * generate newer-style DKIM signatures (with v=0.5 tag)
   * fixed some bugs related to handling messages with no body
   * improved diagnostic messages for certain cases


  2007-01-19: Jason Long <>
   * t/verifiter.t: relaxed the OpenSSL check a little more
   *, README, others: updated copyright to include 2007;
     updated abstract to include DomainKeys; updated version number

  2007-01-19: Jason Long <>
   * lib/Mail/DKIM/ in case of unsupported algorithm,
     canonicalization method, or key protocol, list the bad protocol
     in the error message to make diagnosing easier
   * lib/Mail/DKIM/ fix a use-of-undefined-scalar bug

  2007-01-17: Jason Long <>
   * t/verifier.t: fixed testing bug that was too strict about what
     error message OpenSSL generates
   * lib/Mail/DKIM/ handle OpenSSL panic message better

  released 2007-01-19

   * fixes a couple very minor bugs
   * some cosmetic changes to error messages


  2006-11-27: Jason Long <>
   * t/verifier.t: test domainkey message with trailing blank line
   * lib/Mail/DKIM/Canonicalization/ fixed bug where DomainKey-
     signed message with trailing blank line was not canonicalized correctly,
     reported by Mark Martinec.

  2006-11-13: Jason Long <>
   * t/verifier.t: test invalid signature length
   * lib/Mail/DKIM/ fixed bug where OpenSSL error was not
     reported by moved "local $@" outside try block, thanks to Mark Martinec
     for finding this; detect OpenSSL error and clean up the error message

  released 2006-11-29

   * fixes two bugs, see ChangeLog for details


  2006-10-24: Jason Long <>
   * t/signer_policy.t, t/signer.t: use new() instead of new_object()
   * lib/Mail/DKIM/Algorithm/ allow debugging body canonicalization
   * lib/Mail/DKIM/ removed problematic check for
     "control characters"
   * scripts/ document --type argument; replace signer policy class
     with signer policy subroutine

  2006-10-23: Jason Long <>
   * lib/Mail/DKIM/ bugfix - signatures weren't setup correctly when
     policy built the signature
   * lib/Mail/DKIM/ bugfix - empty headerlist should return empty
   * lib/Mail/DKIM/Canonicalization/ moved support for Debug_Canonicalization
     here from Algorithm/*
   * lib/Mail/DKIM/Algorithm/ removed Debug_Canonicalization support
   * lib/Mail/DKIM/Algorithm/ removed Debug_Canonicalization support

  2006-10-23: Jason Long <>
   * lib/Mail/DKIM/, lib/Mail/DKIM/ use new() instead of
     new_object(); new_object() still supported; documented
     Debug_Canonicalization option

  2006-10-20: Jason Long <>
   * t/signer_policy.t: added test for creating DomainKeys signature;
     added test for creating multiple signatures
   * lib/Mail/DKIM/ removed (obsolete)
   * scripts/ removed (obsolete)
   * lib/Mail/DKIM/ added signatures method

  2006-10-20: Jason Long <>
   * lib/Mail/, lib/Mail/DKIM/, lib/Mail/DKIM/
     various documentation fixes
   * lib/Mail/DKIM/ set signature property when result is determined
   * lib/Mail/DKIM/ support addition of multiple signatures;
     changed default canonicalization method to "relaxed"

  2006-10-20: Jason Long <>
   * t/signer_policy.t: tests different forms of signing policies
   * lib/Mail/DKIM/ support code references as a signing policy;
     removed support for build_signature (I'm gonna do this a different way)

  2006-10-20: Jason Long <>
   * t/verifier: added a message containing multiple signatures, only one of
     which is valid
     - t/corpus/multiple_1.txt: the new message
   * lib/Mail/DKIM/Algorithm/ added signature method; changed method
     signature of verify method (no parameters needed any more)
   * lib/Mail/DKIM/Algorithm/,
     lib/Mail/DKIM/Algorithm/ updated verify method
   * lib/Mail/DKIM/ support verification of multiple signatures
   * lib/Mail/DKIM/ documented use of policy _function_ rather than
     policy object; but no implementation yet
   * lib/Mail/DKIM/ (add_body): support multiple algorithms (needed
     to verify multiple signatures)
   * lib/Mail/DKIM/ renamed signature() to data(); signature still
     available for backwards compatibility

  2006-10-19: Jason Long <>
   * lib/Mail/DKIM/ document mechanism for users to
     construct the signature themselves
   * lib/Mail/DKIM/Canonicalization/,
   * lib/Mail/DKIM/Canonicalization/,
     lib/Mail/DKIM/Canonicalization/ implemented DomainKeys'
     canonicalization methods
   * lib/Mail/DKIM/Canonicalization/ clarify use of add_body method
   * lib/Mail/DKIM/Algorithm/ clarify use of add_body method
   * lib/Mail/DKIM/ implements DomainKeys signatures
   * lib/Mail/DKIM/ allow policy to construct the signature, if
     it implements the build_signature method; allow policy access to
     header field names (headers method)
   * lib/Mail/DKIM/ replace use of obsolete method() with
   * scripts/ allow user to specify signature type

  2006-10-12: Jason Long <>
   * t/verifier: added two new DomainKeys messages to test
     - t/corpus/good_dk_yahoo.txt
     - t/corpus/good_dk_gmail.txt
   * lib/Mail/DKIM/Canonicalization/ added support for the
     DomainKeys "nofws" canonicalization method
   * lib/Mail/DKIM/ recognize DomainKeys signatures;
     signatures now determine which algorithm class to use
   * lib/Mail/DKIM/Algorithm/ refactored a few things to better
     accomodate non-DKIM algorithms
   * lib/Mail/DKIM/Algorithm/ implements the DomainKeys
     rsa-sha1 algorithm
   * lib/Mail/DKIM/ handles DomainKeys signatures
   * lib/Mail/DKIM/ signature now determines which algorithm class
     to use
   * lib/Mail/DKIM/ change an error message from "headers have
     been alterered" to "message has been altered" (if the headers have been
     altered, we really cannot imply that the body is still intact)
   * lib/Mail/DKIM/ removed get_algorithm_class (this is now a
     signature method)
   * lib/Mail/DKIM/ added get_algorithm_class; documented
     get_public_key method

  2006-09-28: Jason Long <>
   * README: include "Error" in the list of dependencies
   * lib/Mail/DKIM/ (get_algorithm_class): return undef instead of
     throwing an error when an unsupported algorithm is presented
   * lib/Mail/DKIM/ (parse): allow v=0.5 tag
     (check_protocol): checks for dns option /txt (i.e. "dns/txt")
     (version): new method for getting/setting v= tag
   * lib/Mail/DKIM/ (check_signature): fixed algorithm check
   * t/verifier: added several additional sample emails to verify, including
     a ietf05 signature, and six cases where the signature should be ignored
     for one reason or another

  released 2006-10-24

   * now supports verifying multiple signatures (the result returned is based
     on the "best" available signature)
   * now supports adding multiple signatures in one pass (to use this, you
     need to create a "signer policy"; see scripts/ for an example)
   * now supports signing/verifying signatures for the older DomainKeys standard
   * now implements Internet Draft draft-ietf-dkim-base-05, including:
     * support for the version (v=) tag
   * eliminated "control character detected in message" error message


  2006-06-15: Jason Long <>
   * Makefile.PL: change Perl version check to v5.6.1 instead of 5.8
   * t/verifier.t: use binmode function instead of ":raw" layer, for
     Perl 5.6.1 compatibility

  released 2006-06-15

   * now supports earlier versions of Perl (5.6.1 and up).


  2006-06-09: Jason Long <>
   * t/verifier.t: open message in ":raw" mode to avoid CRLF->LF
     conversion (reported by Eugene Pivovarav)

  2006-06-08: Jason Long <>
   * lib/Mail/DKIM/ rewrote verify_digest() so that it uses
     the Crypt::OpenSSL::RSA module exclusively, no longer relying on
   * lib/Mail/DKIM/ rewrote sign_digest() so it uses
     Crypt::OpenSSL::RSA exclusively
   * lib/Mail/DKIM/ calculate_EM() - remove dependency on
   * Makefile.PL, README: remove mentions of Crypt::RSA and

  released 2006-06-09

   * no longer depends on Crypt::RSA or Crypt::OpenSSL::Bignum.


  2006-05-26: Jason Long <>
   * lib/Mail/DKIM/Algorithm/ check_body_hash() - new method
     that verifies the body hash against the bh= tag; format for
     canonicalization debugging output has changed
   * lib/Mail/DKIM/Algorithm/ call check_body_hash() before
     returning results to verify()
   * lib/Mail/DKIM/Algorithm/ call check_body_hash() before
     returning results to verify()
   * lib/Mail/DKIM/Canonicalization/ fixed bug where extra
     CRLF was being canonicalized
   * lib/Mail/DKIM/ moved calculate_EM function here from PrivateKey
     after realizing that it would be needed when verifying
   * lib/Mail/DKIM/ now SHA256 hashes can be verified as well;
     also, the verification can distinguish between wrong hash and a
     bad signature
   * lib/Mail/DKIM/ provide result details when verification
     fails; added documentation for the result_detail() method
   * t/corpus/: added several sample signed messages for the testing routines

  2006-04-17: Jason Long <>
   * lib/Mail/DKIM/Algorithm/ common class for DKIM algorithms
   * lib/Mail/DKIM/Algorithm/ now subclasses Algorithm::Base.
   * lib/Mail/DKIM/Algorithm/ new class for handling the
     rsa-sha256 DKIM algorithm
   * lib/Mail/DKIM/ recognize rsa-sha256 algorithm
   * lib/Mail/DKIM/ implemented signing of a SHA-256 digest
   * lib/Mail/DKIM/ implemented verifying of a SHA-256 digest
   * lib/Mail/DKIM/ allows algorithm to be "rsa-sha256";
     body_hash() - new method handling the bh tag;
     hash_algorithm() - new method to determine what hash is being used;
   * lib/Mail/DKIM/ check_public_key() - new method for checking
     the validity of a fetched public key
   * Makefile.PL: added Digest::SHA as a dependency

  2006-03-26: Jason Long <>
   * lib/Mail/DKIM/ remove version number from this file
   * lib/Mail/ bump version to 0.17
   * README: bump version to 0.17

  released 2006-05-26

   * now implements Internet Draft draft-ietf-dkim-base-01, including:
     * support for the body hash (bh=) tag
     * support for SHA256 digests (uses the Digest::SHA module from CPAN)
   * if a message fails to verify, it now distinguishes between:
     * headers having been altered
     * body having been altered
     * RSA key failure (i.e. the signing key does not match the public key)
   * added several sample messages to test against when doing `make test'.


  2006-03-03: Jason Long <>
   * lib/Mail/DKIM/ new() and testing() are now warning-free
     (thanks to for the patch)
   * t/policy.t: tests the Policy package

  2006-03-01: Jason Long <>
   * lib/Mail/DKIM/ correctly handle spaces around = character
   * t/signature.t: test for spaces around = character in signature

  2006-02-24: Jason Long <>
   * t/: wrote some tests and added them to the project
   * README, Makefile.PL: discovered additional dependency:
   * lib/Mail/DKIM/ fixed a warning that could occur if
     the h= tag was left undefined

  2006-02-23: Jason Long <>
   * converted to ExtUtils::MakeMaker package format,
     see the dkimproxy project for revision history prior to 2006-02-23.
  released 2006-03-03

   * first version for CPAN; implements draft-allman-dkim-base-01.