[ietf-dkim] DKIM Client Policy Requirement
Douglas Otis
dotis at mail-abuse.org
Sat Aug 5 17:58:08 PDT 2006
A DKIM client authentication method validates the DKIM client.
A DKIM Client Policy defines whether:
- The entire domain subject to the policy must adhere to a DKIM
client authentication method.
- All messages from a DKIM client within this domain must be signed.
- All messages from a DKIM client within this domain must be signed
by this domain.
An illustrative example of a DKIM authentication method could be:
_dkim.host-name-0.example.com A 1.2.3.4
A 1.2.3.5
A 1.2.3.6
A 1.2.3.7
EHLO _dkim.host-name-0.example.com
_DKIM_CP.example.com DKIM-CP "All clients DKIM authenticate & "All
clients sign all"
or
_DKIM_CP.example.com DKIM-CP "All clients DKIM authenticate & "All
clients signed all by this domain"
Establishing a domain name evaluation early better defends the
resources used to process DKIM signatures. Use of the _dkim prefix
eliminates any discovery process of the authentication assured to
work for the client. With the _dkim prefix, the associated A records
must be present. The "All clients DKIM authenticate" could be
implied by the presence of a DKIM From policy where this policy could
then also delineate the signing requires of the client. Combining
this policies into one record could be done to reduce the number of
transactions.
-Doug
More information about the ietf-dkim
mailing list