What is DKIM Body Hash (bh=)?
The DKIM Body Hash (bh=) is a component of a DomainKeys Identified Mail (DKIM) signature that represents a cryptographic digest of the email’s body content. It ensures that the message has not been altered after it was signed by the sending server. When a receiving mail server validates DKIM, it recalculates the body hash and compares it to the value in the “bh=” tag of the DKIM-Signature header.
If the calculated and stored hashes match, the message body is verified as intact and authentic. If they differ, the message fails DKIM validation, signaling that the content may have been modified in transit or tampered with by an intermediary.
When an outgoing mail server signs a message using DKIM, it performs the following steps:
Example DKIM signature:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=selector1;
bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;
b=G9k0...The body hash provides message integrity by detecting unauthorized changes. Even minor edits (like added spaces or hidden characters) can cause DKIM verification to fail. It protects against:
DMARCeye analyzes DKIM signatures in authentication reports to verify body hash integrity across all messages. It identifies cases where “bh=” mismatches occur and correlates them with sending systems, gateways, or relays responsible for the modification.
By visualizing DKIM body hash validation results, DMARCeye helps administrators pinpoint which messages were altered and by which intermediary. This insight improves message reliability, compliance, and delivery performance while preventing subtle integrity attacks that could compromise trust.
With DMARCeye’s advanced DKIM analytics, organizations can monitor how their signing domains perform across global mail flows and ensure that every authenticated message remains unmodified from origin to inbox.
Sign up for a free trial of DMARCeye today and secure your email domain.
To learn more about DMARC and DMARC-related terms, explore the DMARCeye Glossary.