[dmarc-discuss] Suggestions for DKIM or other enhancements

Dave Crocker dhc at dcrocker.net
Sat Jun 23 10:34:42 PDT 2012

On 6/22/2012 6:48 AM, Murray Kucherawy wrote:
> The common practice right now is to develop reputation on the "d=" value
> for DKIM, not the "d="/"s=" combination.  So subdividing your mail streams
> as you describe is done by creating different signing domains under your
> main domain (e.g. "d=users.example.org" vs. "d=transactions.example.org").

As other have noted, this is an old and much-discussed topic.  As a 
result, someone making suggestions for modifications/enhancements to 
DKIM needs to first be familiar with its extensive documentation, listed 
at dkim.org.

In particular:

    DKIM Service Overview, RFC 5585

    DomainKeys Identified Mail (DKIM) Development, Deployment and
    Operations, RFC 5863

    FAQ <http://dkim.org/info/dkim-faq.html>

For the d=/s=/i= issue, note Section 2.1 of RFC5863.

A prerequisite for any discussion of protocol modifications is an 
understanding of the predicates for a protocol, such as having both 
sides share the same syntax and semantics for what is done. 
(Satisfaction of this predicate is surprisingly elusive during many 
protocol discussions...)

There are many legitimate cases of having one side do something by fiat 
-- that is, without the awareness or cooperation of the other.  However 
these operational policies are not protocol standards.  Having a 
receiver interpret information beyond what was intended by the sender is 
an example of this.

  Dave Crocker
  Brandenburg InternetWorking

More information about the dmarc-discuss mailing list