It appears that Rob McEwen via mailop <r...@invaluement.com> said: >negatively especially if/when the SMTP provider sends a mix of ham/spam >- and so in MANY cases - and so we don't consider the DKIM to be all >that particularly valid if/when NONE of the DKIM headers align with the >Mail Header FROM domain
The DKIM is valid in that it tells you that the signer is responsible for the message, but I agree that if the signer sends mixed junk, that information isn't very useful. >Suppose important/valid transactional messages are sent via 3rd party >SMTP/ESP - the Return Path (SMTP envelope) FROM domain is that >provider's domain - therefore - the SPF record technically just >references that 3rd party SMTP/ESP. And suppose in this example that the >ONLY DKIM record in the header - does what you described (pointing to >3rd party) and therefore has a "d=" pointing to that SMTP/ESP's generic >domain. .... Same situation. If it's a sloppy ESP, it doesn't tell you much about whether you want the mail. > >(3) I recently came across an example from AmazonSES that was SIMILAR to >this - but not technically bad - in this case, the message had 2 DKIM >records, and one of those DKIM records in the mail header was for the >senders's mail-header FROM domain - which used that sender's main domain >name, thus solving this problem. (the other DKIM was for amazonses). I don't understand the question. Your DKIM signatures can only be valid if you control the domain's DNS and publish the key records. SES does require you to show that you control the addresses you use to send mail, either by doing domain validation with DNS records, or validating an individual address by clicking a link in a message they send you. If you do domain validation you can provide your own DKIM keys or they can make them and you just install them: https://docs.aws.amazon.com/ses/latest/dg/creating-identities.html R's, John _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
