/** * RFC 6376 (RSA-SHA256) + RFC 8463 (Ed25519-SHA256) DKIM signer. * * Ships relaxed/relaxed canonicalization because it's what gmail, * yahoo, outlook and every popular mail server prefer in 2026. Uses * Web Crypto throughout — no node:crypto — so the SMTP driver can run * on Cloudflare Workers if you bring your own socket transport. * * @module */ export interface DkimSignerOptions { /** DNS selector — the TXT record at `._domainkey.`. */ selector: string; /** Signing domain. */ domain: string; /** Private key as PEM (RSA: PKCS8 or PKCS1; Ed25519: PKCS8). Also * accepts a pre-imported CryptoKey. */ privateKey: string | CryptoKey; /** Signing algorithm. Default: `rsa-sha256`. */ algorithm?: "rsa-sha256" | "ed25519-sha256"; /** Headers to include in the signature. Default set is the canonical * minimal list recommended by RFC 6376. */ headers?: ReadonlyArray; } /** Per-message signer. Takes a built RFC 5322 message (headers + CRLF + * body) and returns a new message with a leading `DKIM-Signature:` * header. */ export declare function signDkim(message: string, options: DkimSignerOptions): Promise;