Re: opendkim-genkey and "r=" tag

From: SM <>
Date: Thu, 25 Aug 2011 10:19:12 -0700

Hi Giovanni,
At 09:17 25-08-2011, Giovanni Bajo wrote:
>opendkim-genkey (in OpenDKIM 2.4.2) generates
>DNS records which contain the "r=" tag for
>reporting; by default, it sets "r=postmaster;".
>The "r=" tag is described in RFCs such as
>and to the best of my understanding is not part of the official/original

That's an Internet-Draft and not a RFC.

>DKIM specification (
>RFC4871 says in
> > If the result returned from the query does not adhere to the
> > format defined in this specification, the verifier MUST ignore
> > the key record and return PERMFAIL (key syntax error). Verifiers
> > are urged to validate the syntax of key records carefully to
> > avoid attempted attacks. In particular, the verifier MUST ignore
> > keys with a version code ("v=" tag) that they do not implement.
>To the best of my understanding, this means that
>verifiers adhering to RFC4871 MUST return
>PERMFAIL when presented DNS records as produced
>by opendkim-genkey by default. In fact, the
>gmail verifier does this (as can be inferred by
>the header Authentication-Results added by the GMail smtp system).

OpenDKIM is compliant with RFC 4871 and its
updates. draft-kucherawy-dkim-reporting-07 [1]
extends the DKIM specification by adding an
optional reporting address. It adheres to the
format specified in the DKIM base
specifications. Format in this respect means the
syntax used for the key record and not the content.

>I'm pretty new to dkim, but it would look to me
>that if someone wants to add a specification for
>a "r=" tag in the DNS, that specification must
>also increase the "v=" tag version number.


From draft-ietf-dkim-rfc4871bis-15 Section 3.6.1
(this revision of RFC 4871 will be published as a RFC soon):

   "The overall syntax is a tag-list as described in Section 3.2. The
    current valid tags are described below. Other tags MAY be present
    and MUST be ignored by any implementation that does not understand
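
The two rules SM points to (tags a verifier does not understand MUST be ignored; a "v=" version it does not implement MUST yield PERMFAIL) can be checked mechanically. The following is an added example written for this page, not OpenDKIM's code and not any real verifier: it parses a key record with the tag-list grammar of RFC 4871 section 3.2 and applies the key-record rules of section 3.6.1, so a record carrying the draft's "r=" tag passes (with "r" reported as an ignored tag) while an unknown version, a missing "p=", or a "v=" that is not the first tag fails. The sample records and the FAKE_KEY placeholder are constructed for illustration, not real DNS data.

```python
"""Minimal DKIM key-record (DNS TXT) checker following the tag-list grammar
of RFC 4871 section 3.2 and the key-record rules of section 3.6.1.
Added example for this thread; not OpenDKIM code. The sample records and
FAKE_KEY below are constructed placeholders, not real DNS data."""
import base64
import re
from typing import Dict, List, Tuple


class PermFail(Exception):
    """The verifier must ignore this key record (RFC 4871 section 6.1.2)."""


# tag-name = ALPHA 0*ALNUMPUNC
TAG_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")
# tag-value = tval 0*( whitespace tval ); VALCHAR = printable ASCII except ';'
TAG_VALUE = re.compile(r"^[\x21-\x3a\x3c-\x7e]+(?:\s+[\x21-\x3a\x3c-\x7e]+)*$")
# Tags RFC 4871 section 3.6.1 defines for key records; anything else is ignored
KNOWN_TAGS = {"v", "g", "h", "k", "n", "p", "s", "t"}


def parse_tag_list(record: str) -> Dict[str, str]:
    """Split a tag-list into an ordered name->value mapping, raising PermFail
    on anything the section 3.2 grammar does not allow."""
    specs = record.split(";")
    if specs[-1].strip() == "":
        specs.pop()  # a single trailing ';' is permitted by the grammar
    if not specs:
        raise PermFail("key syntax error: empty record")
    tags: Dict[str, str] = {}
    for spec in specs:
        if "=" not in spec:
            raise PermFail("key syntax error: tag-spec without '='")
        name, value = spec.split("=", 1)
        name, value = name.strip(), value.strip()  # FWS around name and value
        if not TAG_NAME.match(name):
            raise PermFail(f"key syntax error: bad tag name {name!r}")
        if value and not TAG_VALUE.match(value):
            raise PermFail(f"key syntax error: bad value for {name}=")
        if name in tags:
            raise PermFail(f"key syntax error: duplicate tag {name}=")
        tags[name] = value
    return tags


def validate_key_record(record: str) -> Tuple[Dict[str, str], List[str]]:
    """Apply the section 3.6.1 key-record rules. Returns (tags, ignored),
    where ignored lists tags this verifier does not understand, e.g. 'r'."""
    tags = parse_tag_list(record)
    if "v" in tags:
        if next(iter(tags)) != "v":
            raise PermFail("key syntax error: v= must be the first tag")
        if tags["v"] != "DKIM1":
            raise PermFail(f"unsupported version {tags['v']!r}")
    if tags.get("k", "rsa") != "rsa":
        raise PermFail(f"unsupported key type {tags['k']!r}")
    if "p" not in tags:
        raise PermFail("key syntax error: missing p=")
    key_b64 = "".join(tags["p"].split())  # whitespace inside p= is allowed
    if not key_b64:
        raise PermFail("key revoked")  # empty p= means the key was revoked
    try:
        base64.b64decode(key_b64, validate=True)
    except ValueError:
        raise PermFail("key syntax error: p= is not valid base64")
    ignored = sorted(set(tags) - KNOWN_TAGS)
    return tags, ignored


# Constructed placeholder: base64 of a short string, not an RSA key
FAKE_KEY = base64.b64encode(b"not a real RSA key").decode()

# Constructed sample records (not real DNS data)
OPENDKIM_STYLE = f"v=DKIM1; k=rsa; r=postmaster; p={FAKE_KEY}"
FUTURE_VERSION = f"v=DKIM2; k=rsa; p={FAKE_KEY}"
MISSING_P = "v=DKIM1; k=rsa; r=postmaster"
V_NOT_FIRST = f"k=rsa; v=DKIM1; p={FAKE_KEY}"


def check(record: str) -> str:
    """Summarise a record roughly the way an Authentication-Results line would."""
    try:
        _tags, ignored = validate_key_record(record)
    except PermFail as exc:
        return f"permfail ({exc})"
    return "pass" + (f" (ignored tags: {','.join(ignored)})" if ignored else "")


if __name__ == "__main__":
    for label, rec in [("opendkim-genkey style", OPENDKIM_STYLE),
                       ("unknown version", FUTURE_VERSION),
                       ("missing p=", MISSING_P),
                       ("v= not first", V_NOT_FIRST)]:
        print(f"{label:22} -> {check(rec)}")
```

The point of the example is the last step of validate_key_record: the unknown "r" tag is collected, not rejected, because the grammar only constrains the shape of each tag-spec, while "v=DKIM2" is rejected because the version check is explicit in the specification.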


