DKIM2 and DMARCbis Have Landed
Email authentication just got its biggest update in two decades. DKIM2 (draft -04) and DMARCbis (RFC 9989, RFC 9990, RFC 9991) arrived together, fixing fundamental flaws that have plagued email for years. Stalwart v0.16.12 is the first mail server to ship full support for both, and you can test them right now in the browser at the mail-auth playground.
What DKIM2 Changes
DKIM (RFC 6376) lets a domain sign a message with a private key. The signature covers chosen headers and body; the public key lives in DNS. That's it. A valid DKIM signature means "this domain vouches for this content." It says nothing about the recipient, the path, or what happens after forwarding.
DKIM2 keeps the crypto but changes the semantics. Instead of a single signature, it creates a chain of custody. Two new headers do the work:
- Message-Instance: describes the message at a given revision. It carries a revision number, cryptographic fingerprints over headers and body, and an optional "recipe" that tells how to undo any changes made at that hop.
- DKIM2-Signature: records the SMTP envelope (MAIL FROM, RCPT TO) for that hop, along with a sequence number and flags. The envelope is signed, so each hop's claim can be verified against the previous hop.
Replay Prevention
In DKIM1, a signed message can be replayed to millions of recipients. The signature still verifies, and the abuse rides on the original domain's reputation. DKIM2 stops this by binding the signature to the envelope. Each DKIM2-Signature records the mf= (MAIL FROM) and rt= (RCPT TO). Consecutive hops must line up: the sending domain of one hop must match a recipient domain of the previous one. Replay to a different address breaks the chain.
Forwarding Without Breakage
The single biggest pain point in DKIM1 is that forwarding breaks signatures. A mailing list that adds a subject prefix or a footer changes the content, and the signature fails. DKIM2 introduces recipes: a JSON object that tells a verifier how to reverse the change. For example, a list that prepends "[list]" to the subject records a recipe that replaces the current subject with the original. The verifier can undo the change and re-check all earlier signatures.
Here's the recipe for the example in the source:
{"h":{"subject":[{"d":["Trip report"]}]},"b":[{"c":[1,2]}]}
This says: to rebuild the previous body, copy lines 1 and 2 from the current message; for the subject, replace it with the literal "Trip report". The recipe is base64-encoded into the r= tag of the Message-Instance header.
Chain of Custody
Each hop appends its own DKIM2-Signature over the current snapshot and all prior signatures. This forms a tamper-evident sequence from author to final recipient. The chain absorbs ARC's role natively, without a parallel set of headers. DKIM2 explicitly ignores legacy DKIM-Signature and ARC-* headers, allowing both schemes to coexist during migration.
Backscatter Solved
Bounces can land on forged innocent third parties because the return path may name a domain that never handled the message. DKIM2 routes bounces along the recorded chain, so a DSN can only go to a domain that actually participated.
DMARCbis: The Long-Awaited Successor
DMARCbis (RFC 9989, RFC 9990, RFC 9991) replaces DMARC (RFC 7489). The biggest change: the static Public Suffix List is replaced by a live DNS tree walk. This eliminates the need to maintain and update the PSL, a constant source of errors. DMARCbis also retires tags that never worked (like rf and ri) and folds in operational lessons from a decade of deployment.
Stalwart v0.16.12: First to Ship
Stalwart v0.16.12 is the first mail server with full DKIM2 and DMARCbis support. You can sign and verify DKIM2 messages, and run DMARCbis checks, directly from the browser at the mail-auth playground. No install required.
What This Means for Developers
If you run a mail server or handle email delivery, DKIM2 changes the game. Forwarding no longer breaks signatures. Replay attacks are blocked. Bounces become trustworthy. The chain of custody gives you a verifiable path for every message. DMARCbis removes the PSL dependency, simplifying policy evaluation.
Migration is incremental. DKIM2 signatures coexist with DKIM1; receivers can check either. The draft is still evolving (currently -04), but the core mechanisms are stable. Stalwart's implementation gives you a concrete reference to test against.
Next Steps
Go to the mail-auth playground and try it. Send a DKIM2-signed message, forward it through a list, and verify the chain. Update your mail server to support DKIM2. Start planning for DMARCbis adoption. The standards are here; the tools are ready.



