What is Relaxed Canonicalization?
Relaxed canonicalization is one of two canonicalization methods supported by DomainKeys Identified Mail (DKIM). It defines how email headers and body content are standardized before digital signing and verification. Canonicalization ensures that minor, legitimate changes made during message transport do not cause authentication failures.
Because email systems often modify message formatting (for example, by rewrapping lines, adding spaces, or altering headers slightly) canonicalization provides a normalization process. The “relaxed” option offers tolerance to these changes, improving DKIM reliability across complex delivery paths.
DKIM signatures include a canonicalization tag (c=) that specifies how the message should be processed before signing and verifying. The syntax may look like this:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=selector1; ...In this configuration, the first “relaxed” applies to the headers and the second to the body. Under relaxed canonicalization, DKIM ignores inconsequential differences such as multiple spaces, folded header lines, or case variations in field names. The goal is to prevent legitimate message transformations from invalidating signatures.
Compared to simple canonicalization, which requires byte-for-byte integrity, the relaxed method provides greater flexibility and resilience. It is especially beneficial for organizations whose mail is routinely forwarded, modified by gateways, or processed by automated systems.
While relaxed canonicalization is widely adopted, it is important to ensure consistent use across all sending systems. Mixing simple and relaxed modes can cause validation discrepancies. Administrators should confirm that all mail gateways, relays, and sending providers use the same canonicalization settings in their DKIM configurations.
DMARCeye inspects DKIM signatures across all authenticated messages to detect canonicalization mismatches and performance issues. Its analytics reveal whether messages signed with relaxed canonicalization maintain integrity across forwarding paths and international mail flows.
By monitoring canonicalization settings in real time, DMARCeye helps organizations maintain consistent DKIM validation, ensuring that legitimate messages remain trusted and deliverable even through complex email infrastructures.
Sign up for a free trial of DMARCeye today and secure your email domain.
To learn more about DMARC and DMARC-related terms, explore the DMARCeye Glossary.