It appears that Florian Piekert via Postfix-users <flo...@floppy.org> said:
>AFAIK you can't use the "doma.in" DKIM Key for signing "sub.doma.in" eMails. 
>You need to add a separate key in the DNS file
>- which in this case you can't.

Sorry, that's just wrong. You can put a DKIM signature with any d= domain on any
mail message, regardless of what's in the From: line or anything else in the
message. If the reputation of the signing domain is reasonably good, that's
usually adequate to get mail delivered.

If you want to use DMARC, it has its own rules about how the DKIM domain has to
align with the From: header domain, but that's a separate can of worms. FYI, for
DMARC it is usually fine for a signature to be a subdomain of the From: domain
or vice-versa unless you set unusually strict flags in your DMARC policy record.

In this case the guy can't publish DNS records at all so he doesn't have a DMARC
policy.

R's,
John
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
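
The DMARC alignment rule mentioned in the message above, as an added example that is not part of the original post: it checks a DKIM d= domain against the From: domain in relaxed and strict mode. The function names, the sample signature and records, and the small suffix set standing in for the Public Suffix List are all constructed assumptions.

```python
# Added illustration: DMARC identifier alignment for DKIM (RFC 7489, section 3.1.1).
# Assumes the DKIM signature has already been cryptographically verified.
# PUBLIC_SUFFIXES is a constructed stand-in for the real Public Suffix List.
PUBLIC_SUFFIXES = {"in", "org", "com", "co.uk"}


def parse_tags(value):
    """Parse a 'k=v; k=v' tag list (DKIM-Signature value or DMARC record)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, _, val = part.partition("=")
            tags[key.strip().lower()] = "".join(val.split())  # drop folding whitespace
    return tags


def org_domain(domain):
    """Return the organizational domain: longest public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: assume a one-label TLD


def dkim_aligned(from_domain, dkim_signature, dmarc_record=None):
    """True/False for DKIM alignment; None when no DMARC policy is published."""
    if dmarc_record is None:
        return None  # no policy record, so alignment is never evaluated
    d = parse_tags(dkim_signature).get("d", "").lower()
    if not d:
        return False
    mode = parse_tags(dmarc_record).get("adkim", "r").lower()  # relaxed is the default
    if mode == "s":
        return d == from_domain.lower()  # strict: exact match only
    return org_domain(d) == org_domain(from_domain)  # relaxed: same org domain


# Constructed sample values (placeholders, not real signatures or records).
SIG_PARENT = "v=1; a=rsa-sha256; d=doma.in; s=sel1; h=from:to; bh=PLACEHOLDER; b=PLACEHOLDER"
SIG_CHILD = "v=1; a=rsa-sha256; d=sub.doma.in; s=sel1; h=from:to; bh=PLACEHOLDER; b=PLACEHOLDER"
RELAXED = "v=DMARC1; p=none"
STRICT = "v=DMARC1; p=reject; adkim=s"

if __name__ == "__main__":
    for rec in (RELAXED, STRICT, None):
        print(repr(rec), dkim_aligned("sub.doma.in", SIG_PARENT, rec))
```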
