Relaxed Canonicalization
Learn how relaxed canonicalization in DKIM ups reliability, stops signature breaks, and how DMARCeye monitors these settings for consistent authentication.
What is Relaxed Canonicalization?
Relaxed canonicalization is one of two canonicalization methods supported by DomainKeys Identified Mail (DKIM). It defines how email headers and body content are standardized before digital signing and verification. Canonicalization ensures that minor, legitimate changes made during message transport do not cause authentication failures.
Because email systems often modify message formatting (for example, by rewrapping lines, adding spaces, or altering headers slightly) canonicalization provides a normalization process. The “relaxed” option offers tolerance to these changes, improving DKIM reliability across complex delivery paths.
How Relaxed Canonicalization Works
DKIM signatures include a canonicalization tag (c=) that specifies how the message should be processed before signing and verifying. The syntax may look like this:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=selector1; ...In this configuration, the first “relaxed” applies to the headers and the second to the body. Under relaxed canonicalization, DKIM ignores inconsequential differences such as multiple spaces, folded header lines, or case variations in field names. The goal is to prevent legitimate message transformations from invalidating signatures.
Benefits of Relaxed Canonicalization
Compared to simple canonicalization, which requires byte-for-byte integrity, the relaxed method provides greater flexibility and resilience. It is especially beneficial for organizations whose mail is routinely forwarded, modified by gateways, or processed by automated systems.
- Prevents DKIM signature breaks from formatting changes
- Improves authentication success rates after forwarding
- Increases compatibility with mailing lists and ticketing systems
- Reduces false DMARC failures caused by signature misalignment
Best Practices
While relaxed canonicalization is widely adopted, it is important to ensure consistent use across all sending systems. Mixing simple and relaxed modes can cause validation discrepancies. Administrators should confirm that all mail gateways, relays, and sending providers use the same canonicalization settings in their DKIM configurations.
Relaxed Canonicalization and DMARCeye
DMARCeye inspects DKIM signatures across all authenticated messages to detect canonicalization mismatches and performance issues. Its analytics reveal whether messages signed with relaxed canonicalization maintain integrity across forwarding paths and international mail flows.
By monitoring canonicalization settings in real time, DMARCeye helps organizations maintain consistent DKIM validation, ensuring that legitimate messages remain trusted and deliverable even through complex email infrastructures.
Sign up for a free trial of DMARCeye today and secure your email domain.
To learn more about DMARC and DMARC-related terms, explore the DMARCeye Glossary.