[ietf-dkim] is this a problem or not?
dhc at dcrocker.net
Sat Oct 29 11:03:19 PDT 2005
> The usual approach is by using different domains. Disregarding the
> courtesy forwarding swamp, it makes sense for a bank to say that its
> transactional notices, e.g., "you're overdrawn", shouldn't be coming
> from any place but the bank, and shouldn't be appearing on mailing
> lists. On the other hand, it's perfectly reasonable for employees
> to be participating in work-related mailing lists.
> Since there's different policies for transactional mail and mail from
> employees and DKIM's granularity is domains, if you want to use DKIM
> and SSP, you'd best send the transaction mail from one domain and the
> personal mail from another. I see banks doing this already. Even the
> small ones tend to have a bunch of domains for all the variants of
> their name.
This strikes me as pretty much a perfect explanation of the relationship
between DKIM signing and the use of DKIM policies.
In particular, and with some wording modification, to generalize:
When a domain wishes to apply different policies for different types
of mail, and since DKIM's granularity is domains, you'd best sign
and send the different types of mail using different (sub-)domains.
More information about the ietf-dkim