dkim-ops

Re: [dkim-ops] DKIM Implementation Question

2010-06-23 13:13:25
-----Original Message-----
From: dkim-ops-bounces(_at_)mipassoc(_dot_)org
[mailto:dkim-ops-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Baird, Josh
Sent: Wednesday, June 23, 2010 8:01 AM
To: dkim-ops(_at_)mipassoc(_dot_)org
Subject: [dkim-ops] DKIM Implementation Question

My question is, if we do not sign the non campaign email that leaves the
other MTA's in our environment, will this pose a problem for delivery of
these emails?  If the DNS record exists, but the MTA is not attaching a
DKIM ID Header to the email as it leaves, will these emails be
potentially denied from ISPs that verify DKIM id's?  If Yahoo, or
another ISP that verifies DKIM signatures sees that the message does not
have a DKIM header, but the domain does have DKIM public record in DNS..
will this pose a problem?

It's impossible for a receiver to tell you're a DKIM participant based on what 
you put in the DNS, unless it's an ADSP record, because the receiver would need 
to know a specific name at which to look for a public key ahead of time.  The 
best they could do is notice you sign mail and then assume your mail is always 
signed, but that's not a very safe thing for them to do.

But as Jim said, there's no way to know for sure what any particular receiver's 
policy is.

If you really want to be sure, the common advice these days is to make a 
subdomain for your unsigned mail, or for your opt-in mail, so that the "d=" is 
different for both and thus they can have different express (or implied) 
signing policies.

_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops
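
As an added illustration (not part of the original thread or of any DKIM implementation), the sketch below lists the DNS names a receiver can derive from a message: a key name exists only when a signature supplies the selector, while the ADSP name is fixed under the author domain. The domains, the selector `camp2010` and the function names are assumptions made for the example.

```python
import email
import re
from email.utils import parseaddr

def parse_tags(value):
    """Parse a DKIM-Signature tag=value list into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def verifier_lookups(raw):
    """Return the DNS TXT names a receiver can derive from one message."""
    msg = email.message_from_string(raw)
    author = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    keys = []
    for sig in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(sig)
        if "s" in tags and "d" in tags:
            # The key name needs the selector, which only the signature carries.
            keys.append(f"{tags['s']}._domainkey.{tags['d']}".lower())
    # ADSP is the one record at a fixed, guessable name under the author domain.
    adsp = f"_adsp._domainkey.{author}" if author else None
    return {"keys": keys, "adsp": adsp}

# Constructed sample messages (domains, selector and hashes are placeholders).
SIGNED = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=news.example.com; s=camp2010;\n"
    "\th=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Example News <offers@news.example.com>\n"
    "Subject: June offers\n\nbody\n"
)
UNSIGNED = (
    "From: Accounts <billing@example.com>\n"
    "Subject: Your invoice\n\nbody\n"
)

if __name__ == "__main__":
    for label, raw in (("signed", SIGNED), ("unsigned", UNSIGNED)):
        print(label, verifier_lookups(raw))
```

With the campaign mail on its own subdomain, the two streams resolve to different ADSP names, so each can carry its own signing policy.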
