I am in the process of reviewing the technical setup of a client installation.
This client is using the VERP string (Return Path / Envelope From) in the i= of
their DKIM signature.
The signature looks like this:
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=ci; d=inbox.example.com;
i=verpprefix-laura=2dinterdirect=40wordtothewise(_dot_)com-2979-83348823-24644-bounce(_at_)inbox(_dot_)example(_dot_)com;
h=content-type:mime-version:subject:list-unsubscribe:reply-to:to:from:date:message-id;
bh=HbLebYQFYQmYej07DLVID9lCjc8=;
Based on my understanding of DKIM, this isn't necessarily violating the DKIM
spec, but it does seem to be not the right thing to use for the i= value
I'm thinking my client should stop doing this, just because it really seems
wrong but I have no justification for recommending that other than "that can't
be right."
I haven't been able to find anything that discusses the intention behind the
i=. I expect they chose this i= because that's the envelope from, but the i= is
suppose to be a person, not a mechanical address, correct?
I'd appreciate any guidance on where to go to research this. Or if anyone can
give me some help in understanding this enough to tell my client to stop.
laura
--
Laura Atkins
Word to the Wise "The Deliverability Experts!"
Direct: 650 678-3454 Fax: 650 249-1909
AIM: wttwlaura YIM: wttw_laura
Delivery blog: <http://blog.wordtothewise.com/>
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html