The usual approach is by using different domains. Disregarding the
courtesy forwarding swamp, it makes sense for a bank to say that its
transactional notices, e.g., "you're overdrawn", shouldn't be coming
from any place but the bank, and shouldn't be appearing on mailing
lists. On the other hand, it's perfectly reasonable for employees
to be participating in work-related mailing lists.
Since there's different policies for transactional mail and mail from
employees and DKIM's granularity is domains, if you want to use DKIM
and SSP, you'd best send the transaction mail from one domain and the
personal mail from another. I see banks doing this already. Even the
small ones tend to have a bunch of domains for all the variants of
their name.
Folks,
This strikes me as pretty much a perfect explanation of the relationship
between DKIM signing and the use of DKIM policies.
In particular, and with some wording modification, to generalize:
When a domain wishes to apply different policies for different types
of mail, and since DKIM's granularity is domains, you'd best sign
and send the different types of mail using different (sub-)domains.
/d
_______________________________________________
ietf-dkim mailing list
http://dkim.org