> -----Original Message----- > From: [email protected] [mailto:dkim-ops- > [email protected]] On Behalf Of Baird, Josh > Sent: Wednesday, June 23, 2010 8:01 AM > To: [email protected] > Subject: [dkim-ops] DKIM Implementation Question > > My question is, if we do not sign the non campaign email that leaves > the > other MTA's in our environment, will this pose a problem for delivery > of > these emails? If the DNS record exists, but the MTA is not attaching a > DKIM ID Header to the email as it leaves, will these emails be > potentially denied from ISPs that verify DKIM id's? If Yahoo, or > another ISP that verifies DKIM signatures sees that the message does > not > have a DKIM header, but the domain does have DKIM public record in > DNS.. > will this pose a problem?
It's impossible for a receiver to tell you're a DKIM participant based on what you put in the DNS, unless it's an ADSP record, because the receiver would need to know a specific name at which to look for a public key ahead of time. The best they could do is notice you sign mail and then assume your mail is always signed, but that's not a very safe thing for them to do. But as Jim said, there's no way to know for sure what any particular receiver's policy is. If you really want to be sure, the common advice these days is to make a subdomain for your unsigned mail, or for your opt-in mail, so that the "d=" is different for both and thus they can have different express (or implied) signing policies. _______________________________________________ dkim-ops mailing list [email protected] http://mipassoc.org/mailman/listinfo/dkim-ops
