On 9/24/2020 10:54 AM, Alan Hodgson wrote:

Or is there some criteria to determine which domain name
should have the DKIM signature?  Is there a penalty score if one or
the other is missing?
It doesn't make much difference, unless there's a whitelist involved.
If you publish a DMARC record, DMARC requires that the DKIM signing domain be aligned with the From: header domain in order to pass. SA doesn't currently check DMARC, I don't think, but lots of other receivers do.

And even if you don't want to publish DMARC records now it's probably best practice to sign with the organizational domain of the From: header. A DKIM signature from an unrelated domain doesn't really say anything except that the message wasn't altered in transit.

Thanks Alan,

I wasn't really sure if the rDNS domain was more important than the from: header domain.  Thanks for clearing that up.

Jerry
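
The alignment rule described in the quoted reply, as an added example that is not part of the original thread: it compares the `d=` domain of each DKIM-Signature header with the From: header domain under DMARC relaxed (organizational domain) and strict (exact match) alignment. The function names, the tiny `PUBLIC_SUFFIXES` stand-in for the Public Suffix List and the sample message are assumptions constructed for illustration, and the code checks alignment only, not whether the signature verifies.

```python
import email
import re
from email.utils import parseaddr

# Assumption: tiny stand-in for the Public Suffix List; a real check needs the full list.
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}

# Constructed sample message: one signature from a subdomain of the From: domain,
# one from an unrelated domain. Signature values are dummies.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=mail.example.com; s=s1;
 h=from:subject; bh=AAAA; b=BBBB
DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=k2;
 h=from:subject; bh=AAAA; b=CCCC
From: Sender <sender@example.com>
Subject: test

body
"""

def org_domain(domain):
    """Organizational domain: longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # fallback when no suffix is known

def dkim_domains(msg):
    """Return the d= tag value of every DKIM-Signature header."""
    out = []
    for value in msg.get_all("DKIM-Signature", []):
        m = re.search(r"(?:^|;)\s*d\s*=\s*([^;\s]+)", value)
        if m:
            out.append(m.group(1).lower())
    return out

def dkim_alignment(raw, strict=False):
    """Map each signing domain to True if it aligns with the From: domain.
    Alignment only: DMARC also requires that the aligned signature verifies."""
    msg = email.message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if strict:
        return {d: d == from_domain for d in dkim_domains(msg)}
    return {d: org_domain(d) == org_domain(from_domain) for d in dkim_domains(msg)}

if __name__ == "__main__":
    print("relaxed:", dkim_alignment(SAMPLE))
    print("strict: ", dkim_alignment(SAMPLE, strict=True))
```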
