DKIM Alignment Child Domain vs Org Domain

Question on alignment.
Most examples I see state that, for relaxed alignment, the Mail From or Envelope From domain is a subdomain of the From domain.

e.g. example.company.com aligns with company.com

The RFC states that:

In relaxed mode, the Organizational Domains of both the [DKIM]-
authenticated signing domain (taken from the value of the “d=” tag in
the signature) and that of the RFC5322.From domain must be equal if
the identifiers are to be considered aligned. In strict mode, only
an exact match between both of the Fully Qualified Domain Names
(FQDNs) is considered to produce Identifier Alignment.

To me that reads that as long as the signing domain and From domain match the organizational/root domain, then they align.

Use case, we are looking at a vendor and I am trying to determine if relaxed alignment will work with both our student and staff domains:

DKIM Signing = mail.campus.edu
student FROM domain = my.campus.edu
staff FROM domain = campus.edu

From my testing using OPENDKIM, it seems like my reading of the RFC is correct, but wanted to see if anyone else had input.

My test results:
spf=none (sender IP is xxx.xxx.xxx.xxx) smtp.mailfrom=bogus.campus.edu; dkim=pass (signature was verified) header.d=test.campus.edu;dmarc=pass action=none header.from=email.campus.edu;

Hi southwick,

You are correct that alignment is where the organizational level domain of the SPF or DKIM domain identity matches the organizational level domain of the From: header. The organizational level domain is the first private domain prepending a public suffix. In your case, the public suffix is the .edu TLD. Campus would then be the private label, making campus.edu the org domain.

With that in mind, this is correct.

From: sub.campus.com
DKIM: campus.com
SPF: mail.campus.com

All three are aligned. Any amount of subdomains also does not matter.

I hope this helps.

2 Likes
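
The alignment check discussed in this thread, as an added example that is not part of either post: it derives the organizational domain and evaluates relaxed and strict alignment for the test result quoted in the question. `PUBLIC_SUFFIXES` is a small constructed stand-in for the full Public Suffix List, and the function names are hypothetical.

```python
import re

# Assumption: a tiny constructed stand-in for the Public Suffix List.
# A real evaluator loads the full list from publicsuffix.org.
PUBLIC_SUFFIXES = {"edu", "com", "org", "co.uk"}

def org_domain(fqdn):
    """Return the public suffix plus one label to its left."""
    labels = fqdn.lower().rstrip(".").split(".")
    # Scan from the longest candidate suffix so "co.uk" is found before "uk".
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                return None  # the name is itself a public suffix
            return ".".join(labels[i - 1:])
    return None  # suffix not in the sample list

def aligned(auth_domain, from_domain, mode="r"):
    """mode 'r' = relaxed (org domains equal), 's' = strict (FQDNs equal)."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    if mode == "s":
        return a == f
    org = org_domain(a)
    return org is not None and org == org_domain(f)

def check_results(header, adkim="r", aspf="r"):
    """Evaluate DKIM and SPF alignment from an Authentication-Results value."""
    fields = dict(re.findall(
        r"\b(header\.d|header\.from|smtp\.mailfrom)=([^\s;]+)", header))
    verdicts = dict(re.findall(r"\b(spf|dkim)=(\w+)", header))
    frm = fields["header.from"]
    dkim_ok = (verdicts.get("dkim") == "pass"
               and aligned(fields["header.d"], frm, adkim))
    spf_ok = (verdicts.get("spf") == "pass"
              and aligned(fields["smtp.mailfrom"].split("@")[-1], frm, aspf))
    return {"dkim_aligned": dkim_ok, "spf_aligned": spf_ok,
            "dmarc_pass": dkim_ok or spf_ok}

# The test result quoted in the question (sender IP is redacted on the page).
SAMPLE = ("spf=none (sender IP is xxx.xxx.xxx.xxx) smtp.mailfrom=bogus.campus.edu; "
          "dkim=pass (signature was verified) header.d=test.campus.edu;"
          "dmarc=pass action=none header.from=email.campus.edu;")

if __name__ == "__main__":
    print(check_results(SAMPLE))
    for from_domain in ("my.campus.edu", "campus.edu"):
        print(from_domain, aligned("mail.campus.edu", from_domain, "r"),
              aligned("mail.campus.edu", from_domain, "s"))
```

With `adkim=s` in the DMARC record, the same message would fail DMARC, since the only passing identifier (`header.d=test.campus.edu`) no longer matches the From domain exactly.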