At 22:19 07-07-2009, ram wrote: >I am trying to domain keys sign mails relayed by our server for our >customers mails. This is a newsletter and the From: Header is not our >control. I can however control the envelope from and can use dkim >signatures for the mail.
First of all, dkim-milter does DKIM and not DomainKeys. In the keyfile for dkim-milter: *...@*:example.net:private_key_file will sign all mail relayed by your server. >What I want to know ... is it a standard practice to do sign using any >domain. What are restrictions. Yes, you can sign for any domain. There isn't any restriction. >There would be a lot of reasons for dkim-signing using envfrom. For eg >this mailing list could sign its mails using signatures of >lists.sourceforge.net There are reasons but you are well outside the DKIM specifications when you are operating on the envelope. This mailing list could use the existing dkim-milter features to do the signing. I don't think that you can compare this mailing list with a newsletter. A valid DKIM signature in your example asserts that the message was relayed through your domain. If I wanted to accept mail from your customer, I would have to know that it is relayed through you to be able to use the DKIM signing domain. In my opinion, it's not a good practice to rely on that as the customer might move to another provider in future. It also creates a problem similar to one that DKIM has been attempting to solve. Regards, -sm ------------------------------------------------------------------------------ Enter the BlackBerry Developer Challenge This is your chance to win up to $100,000 in prizes! For a limited time, vendors submitting new applications to BlackBerry App World(TM) will have the opportunity to enter the BlackBerry Developer Challenge. See full prize details at: http://p.sf.net/sfu/Challenge _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
