Can you point to the specific section that you are referring to, if it's not section 2.2?
My understanding is that there are two separate alignment requirements. >From section 2.2: 1) For signature chains with exactly one signature, the signature's domain and the domain in the 5322.From must be aligned. By having the initial signature be from the domain aligned to the From or Sender header... 2) For all signature chains, the topmost signature's domain and the domain in the 5321.From must be aligned. Tangentially, this could use some editing for clarity. I believe when it says "same domain" at the end, it's stating that the domain of the bounce address needs to be equal to the signing domain, not the domain of the recipient in the previous DKIM2 header. If the recipient wishes to forward the message on to another address, it must apply its own DKIM2 header, signed by a key which is aligned to the domain of the recipient address in the previous DKIM2 header, and with a bounce address which is in the same domain. https://www.ietf.org/archive/id/draft-robinson-dkim2-message-examples-00.html#section-1.3.2 (and later sections) describe what I believe the SMTP transactions and signatures will look like. On Tue, Jul 22, 2025 at 4:29 PM Murray S. Kucherawy <[email protected]> wrote: > On Tue, Jul 22, 2025 at 4:41 PM Dave Crocker <[email protected]> wrote: > >> This appears to be derived from DMARC, except that DMARC only mandates >> this when SPF is used. The current work seeks to mandate it always. So >> it requires both Mail From and From: to be aligned with the (same?) >> signature. >> > > Can you point me to the SPF-specific constraint? I thought DMARC required > alignment for both SPF and DKIM in order to consider their "pass" results > as usable. That is, a passing DKIM signature for a domain unrelated to the > RFC5322.From domain is discarded by DMARC. > > -MSK > _______________________________________________ > Ietf-dkim mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
