[ietf-dkim] (registered) domain name (Re: errata revision: opaque)
dhc at dcrocker.net
Sat Apr 4 10:22:09 PDT 2009
John Levine wrote:
> One of us should send in a separate technical erratum saying that DKIM
> key records SHOULD be published only for SDID domains that have
> corresponding MX or A records and can receive mail.

I believe your later posting on this retracted the suggestion, but this issue
strikes me as one that is very easy (and common) to misunderstand. So it's worth
emphasizing. Might be worth adding tidbits to the Deployment draft?

The d= domain name is permitted to have /no relationship/ to any mail-sending or
mail-receiving domain name. Hence, no A, MX, or possibly /any(!)/ DNS resource
records for the name.

There might prove to be some benefits in choosing to have the d= name match the
name used for other purposes, but the design of DKIM does not require it and
it's essential that signers retain the choice.
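
Added example (not part of the original message and not code from the DKIM specification): a sketch of how a verifier derives its single DNS query from a signature's s= and d= tags, showing that the key lookup is a TXT query at `<selector>._domainkey.<d=>` and never consults A or MX records at the d= name itself. The header, the domain names and the in-memory zone are constructed for illustration.

```python
import re

# Constructed sample signature header; all names and values are illustrative.
SAMPLE_HEADER = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;\r\n"
    "\td=sig.example.net; s=sel2009; h=from:to:subject;\r\n"
    "\tbh=AAAA; b=BBBB"
)

# Constructed zone data: the ONLY record under sig.example.net is the key record.
# There is deliberately no A or MX record at the d= name.
SAMPLE_ZONE = {
    ("sel2009._domainkey.sig.example.net", "TXT"): ["v=DKIM1; k=rsa; p=PLACEHOLDER"],
}


def parse_tags(header):
    """Unfold a DKIM-Signature header and split it into tag=value pairs."""
    _, _, value = header.partition(":")
    value = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    tags = {}
    for item in value.split(";"):
        if not item.strip():
            continue  # tolerate a trailing ';'
        name, sep, val = item.partition("=")
        if not sep:
            raise ValueError("malformed tag: %r" % item)
        tags[name.strip()] = val.strip()
    return tags


def key_lookup(header, zone):
    """Return the one DNS query the signature requires and what the zone holds."""
    tags = parse_tags(header)
    if "d" not in tags or "s" not in tags:
        raise ValueError("signature lacks d= or s=")
    sdid = tags["d"].lower()
    query = ("%s._domainkey.%s" % (tags["s"].lower(), sdid), "TXT")
    return {
        "sdid": sdid,
        "query": query,
        "key_found": query in zone,
        # Informational only: verification never asks for these record types.
        "sdid_has_a_or_mx": any((sdid, t) in zone for t in ("A", "MX")),
    }


if __name__ == "__main__":
    print(key_lookup(SAMPLE_HEADER, SAMPLE_ZONE))
```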