Small nit:
I understand it makes people feel good to throw in DKIM work into this
section, but DKIM has nothing to do with the Return Path verification
insights provided here in 3.6.2 paragraph two.
3.6.2. Mail eXchange Records and Relaying
....
This specification does not deal with the verification of return
paths for use in delivery notifications. Recent work, such as that
on SPF [42] and DKIM [43] [44], has been done to provide ways to
ascertain that an address is valid or belongs to the person who
actually sent the message. A server MAY attempt to verify the return
path before using its address for delivery notifications, but methods
of doing so are not defined here nor is any particular method
recommended at this time.
SPF is fine because it is 100% related to the return path. DKIM is
independent and has nothing to do with the return path.
The nit is that this section talks purely about the return path, then
throws in an unrelated 822 idea and concludes with a return path idea as
it was all related - they are not.
If we want to reference DKIM in 2821bis, I think it will fit better in
any DATA discussions, possibly stating but not exclusive to:
"A server MAY attempt to verify the MAIL TRANSACTION which includes
822 considerations using recent work such as DKIM [43]"
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com