The ABNF seems pretty clear for what syntax is allowed for DKIM selectors:
RFC6376 Section 3.1:
selector = sub-domain *( "." sub-domain )
RFC5321 Section 4.1.2:
sub-domain = Let-dig [Ldh-str]
Let-dig = ALPHA / DIGIT
Ldh-str = *( ALPHA / DIGIT / "-" ) Let-dig
RFC5234 Appendix B.1:
ALPHA = %x41-5A / %x61-7A ; A-Z / a-z
DIGIT = %x30-39 ; 0-9
If it doesn't match the ABNF (i.e. by containing an underscore in said
selector, which does not match allowed selector syntax), it's not a
valid DKIM selector according to this logic.
I don't see where underscores are permitted there.
-Mark Alley
On 12/19/2024 12:18 PM, Andrew C Aitchison via mailop wrote:
On Tue, 17 Dec 2024, Gellner, Oliver via mailop wrote:
The only validators which I found that correctly reported a problem
are Mailhardener ("The selector 'init_dkim' contains an underscore,
some SMTP implementations will not accept a DKIM selector with
underscores. If possible, choose a different selector without
underscore") and Uriports ("The provided DKIM selector is invalid").
Is underscore forbidden or merely not supported by some implementations ?
My reading of RFC6376 doesn't suggest that underscore is not allowed
in a selector and they are explicitly used in next component of the
DNS query.
If my reading is correct and underscores *are* permitted,
a validator should not object to them, though like Mailhardener
it is reasonable to warn that non-compliant implementations may break.
Also, Uriports is wrong to say that the selector is invalid.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
