From: ram <ra...@ne...> - 2009-07-08 07:09:43
|
On Tue, 2009-07-07 at 23:38 -0700, SM wrote: > At 22:19 07-07-2009, ram wrote: > >I am trying to domain keys sign mails relayed by our server for our > >customers mails. This is a newsletter and the From: Header is not our > >control. I can however control the envelope from and can use dkim > >signatures for the mail. > > First of all, dkim-milter does DKIM and not DomainKeys. In the > keyfile for dkim-milter: Ah yes .. , I have read that before DKIM != Domainkeys > > *@*:example.net:private_key_file > > will sign all mail relayed by your server. > > >What I want to know ... is it a standard practice to do sign using any > >domain. What are restrictions. > > Yes, you can sign for any domain. There isn't any restriction. > > >There would be a lot of reasons for dkim-signing using envfrom. For eg > >this mailing list could sign its mails using signatures of > >lists.sourceforge.net > > There are reasons but you are well outside the DKIM specifications > when you are operating on the envelope. This mailing list could use > the existing dkim-milter features to do the signing. Thats similar to what I would want to be doing. > I don't think > that you can compare this mailing list with a newsletter. A valid > DKIM signature in your example asserts that the message was relayed > through your domain. If I wanted to accept mail from your customer, > I would have to know that it is relayed through you to be able to use > the DKIM signing domain. In my opinion, it's not a good practice to > rely on that as the customer might move to another provider in > future. It also creates a problem similar to one that DKIM has been > attempting to solve. Right, I think so too. But I have seen mails being dkim signed by mailers like aweber and constantcontact with a d=<envdomain>; |