> On 14/08/2024 15:27, Kurt Jaeger via Exim-users wrote:
> > So: user1@domain1 has an autoreply, and the autoreply
> > should be signed with dkim for domain1.
>
> I do not agree.
> The DKIM RFC says that anyone can sign a message.
As a practical matter, we[*] have observed GMail rejecting email
messages with claims that they are doing so because the DKIM signature
domain didn't match the From: domain. After observing this, we switched
to signing messages with a domain that matched the From: (and generally
not signing them if we had no such match, even though we could have
signed them as our main domain name).
(For various reasons, we have multiple domain names that all map to the
same mail system, DNS data, DKIM keys, and so on.)
GMail is likely not being RFC-compliant here (assuming that their
messages accurately reflect why they're rejecting email, which is
somewhat dubious in general), but we have to care more about delivering
email to GMail than about sticking to our guns over RFCs. (People here
would not care about exactly why their email was not reaching people on
GMail, they would just care that it wasn't and require us to fix it.)
- cks
[*: 'we' is a university computer science department.
]
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscr...@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
