[dmarc-discuss] Suggestions for DKIM or other enhancements
dhc at dcrocker.net
Sat Jun 23 10:34:42 PDT 2012
On 6/22/2012 6:48 AM, Murray Kucherawy wrote:
> The common practice right now is to develop reputation on the "d=" value
> for DKIM, not the "d="/"s=" combination. So subdividing your mail streams
> as you describe is done by creating different signing domains under your
> main domain (e.g. "d=users.example.org" vs. "d=transactions.example.org").
As other have noted, this is an old and much-discussed topic. As a
result, someone making suggestions for modifications/enhancements to
DKIM needs to first be familiar with its extensive documentation, listed
DKIM Service Overview, RFC 5585
DomainKeys Identified Mail (DKIM) Development, Deployment and
Operations, RFC 5863
For the d=/s=/i= issue, note Section 2.1 of RFC5863.
A prerequisite for any discussion of protocol modifications is an
understanding of the predicates for a protocol, such as having both
sides share the same syntax and semantics for what is done.
(Satisfaction of this predicate is surprisingly elusive during many
There are many legitimate cases of having one side do something by fiat
-- that is, without the awareness or cooperation of the other. However
these operational policies are not protocol standards. Having a
receiver interpret information beyond what was intended by the sender is
an example of this.
More information about the dmarc-discuss