Only speaking from my own experience here, but changing the d= value (and nothing else) usually causes catastrophic inboxing issues at gmail. None of the other major providers seem to care. But a new d=, even just adding or removing a subdomain, causes immediate bulking at gmail. If the mail is good, it seems to recover within a few days even without taking any action.
Double-signing, and/or rolling out the new domain slowly is definitely the way to go. Luke On Tue, Aug 28, 2018 at 3:11 PM Steve Atkins <st...@blighty.com> wrote: > > > On Aug 28, 2018, at 2:46 PM, Jonathan Leist <jleis...@gmail.com> wrote: > > > > Hello, > > > > We're currently exploring the possibility of migrating from signing as > the individual hostnames of our sending IPs to signing as the org domain > aligned with those hostnames (e.g. signing as example.com instead of > mail1.example.com). Our main concern is in regards to deliverability, as > we'd presumably lose years of sending history that we've accumulated with > those signing domains. > > Relevant sending history when it comes to delivery decisions is typically > measured in weeks so I wouldn't worry about anyone tracking your reputation > from June, let alone 2017. > > > To potentially mitigate impact from the change, I'm considering having > the d= be the org domain, while i= could remain the actual hostname we've > historically signed with. So with the example above, they'd be d= > example.com and i=@mail1.example.com. Would anyone know off hand whether > we could expect that to help preserve the reputation we've built as a > sender, given that the i= also carries reputation (from what I've read)? > > That wouldn't hurt anything. But I doubt it'd have much effect, as > recipients are going to use either the d= or the domain part of the i=, not > both. I'd expect them to just use the d=, mostly. > > The "DKIM Way" would be to sign twice, with the old domain and the new > one, for a while. > > But if you're not seeing delivery issues today and you're not changing IP > addresses, just the d= signing domain, I wouldn't expect much impact from > just changing the d=. Trying it with a single MTA would let you see any > impact, and dribble the new d= value into your mail stream. > > Cheers, > Steve > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop