
I send mails with different From and Return-Path addresses on different domains (for collecting bounces on a separate mail server). For example, From: my@example.com and Return-Path: bounces@another-domain-for-bounces.org. Which of these domains should be used in the DKIM signature d=xxx?

I have read related questions and didn't find a concrete answer.

2 Answers


Tl;dr: You should use the header From: address' domain for signing. Here is why.

I looked up the headers of signed emails sent by ESPs like MailChimp, SendGrid and the like. Turns out there is no rule of thumb. Some use the From: address' domain, some use the Return Path: domain. Because this is not a very satisfying observation I tried to figure out if it really matters in practice.

RFC 4871 section 5.1 states:

INFORMATIVE NOTE: Signing modules may be incorporated into any portion of the mail system as deemed appropriate, including an MUA, a SUBMISSION server, or an MTA. Wherever implemented, signers should beware of signing (and thereby asserting responsibility for) messages that may be problematic. In particular, within a trusted enclave the signing address might be derived from the header according to local policy; SUBMISSION servers might only sign messages from users that are properly authenticated and authorized.

This text neither enforces nor suggests a particular strategy. Speaking about verifying DKIM signatures, I know that Amavis and OpenDKIM don't care at all if the signing domain is part of any of an email's sender addresses, and GMail doesn't either. The signing domain should by all means be treated as the "trust anchor" of your mails. GMail's web interface will show you which domain was used for signing, but doesn't warn if it differs from the sender address. But it should.

From my point of view this is a big weakness of the specification. A spammer could use whatever domain he has access to in order to send properly signed junk mail that appears to originate from a trustworthy person or organisation. I am not aware of any spam mails using this technique, but trust me, there will be. DKIM is a method to ensure the authenticity of a message. It was not meant to defeat spam in the first place, but to give sincere senders a method to show that their mail can be trusted. When spammers can fake that, DKIM is pointless. Of course, the true strength comes from combining SPF and DKIM (i.e. DMARC), but that's another topic.

Please don't use foreign domains to sign your outgoing mails. Though technically possible, there is no point in doing so. Additionally, using the envelope's Mail From:/the message's Return Path: is a less optimal option, too: in the event of SRS being used along the transmission (among other techniques), the envelope sender will simply be rewritten. This is beyond your control and ultimately breaks the direct linkage between the signing domain and the actual message sender, which shall be kept intact.

So in my opinion it is preferable to use the From: sender domain when signing outgoing mail whenever possible. Additionally, it should be encouraged that when verifying signed emails ISPs honor whether the domain used to sign the mail is part of the sender address. I would love to hear about other opinions!

I also found an interesting post with some more references if one wishes to dig further into this topic.

creethy

One of DKIM's signature weaknesses is it does not encompass the message envelope, which holds the return-path and message recipients. So you should use example.com which should be the signing domain.

f01

Thank you for the response. But this is just an assumption. I searched more over the internet and found that the answer to this question is really undefined. I can choose both the From and Return-Path domain for the signature, but most useful will be to use the From domain. That's why I accept your answer. – Valera Leontyev Nov 06 '14 at 16:52
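Both answers above come down to the same check a receiver actually performs: DMARC aligns the DKIM `d=` domain against the header From domain, not against the envelope Return-Path, and an SRS-rewriting forwarder changes only the envelope. The following is an added example written for this page, not code from the thread or from any mail software; it runs an alignment check over constructed messages built from the question's own addresses (`my@example.com`, `bounces@another-domain-for-bounces.org`). The `organizational_domain` helper and the `simulate_srs` rewrite are simplifications labelled as assumptions in the comments, and the `bh=`/`b=` values are placeholders: the code checks identifier alignment only and assumes the signature itself was already verified by your DKIM verifier.

```python
import email
import re
from email.utils import parseaddr

# Constructed message (not real mail). Mirrors the question's setup: header From on
# example.com, envelope Return-Path on the bounce domain, and d= set to the From
# domain as the accepted answer recommends. bh=/b= are placeholders, not real values.
MSG_FROM_DOMAIN_SIGNED = """\
Return-Path: <bounces@another-domain-for-bounces.org>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;
 s=sel1; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: Alice <my@example.com>
To: bob@recipient.example
Subject: hello

body
"""

# Same mail, but signed with d= set to the Return-Path (bounce) domain instead.
MSG_BOUNCE_DOMAIN_SIGNED = MSG_FROM_DOMAIN_SIGNED.replace(
    "d=example.com;", "d=another-domain-for-bounces.org;")


def organizational_domain(domain):
    """Collapse a domain to its registrable part.
    Assumption/simplification: the last two labels. Real DMARC checkers use the
    Public Suffix List so that names like example.co.uk are handled correctly."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else domain.lower()


def parse_dkim_tags(header_value):
    """Split a DKIM-Signature value into its tag=value pairs (RFC 6376 section 3.2).
    Whitespace inside values is dropped, so folded header lines parse as well."""
    tags = {}
    for item in header_value.split(";"):
        if "=" in item:
            name, value = item.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def header_from_domain(msg):
    """Domain of the RFC 5322 From address, the identifier DMARC aligns on."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def return_path_domain(msg):
    """Domain of the envelope sender as recorded in Return-Path."""
    _, addr = parseaddr(msg.get("Return-Path", ""))
    return addr.rpartition("@")[2].lower()


def signing_domains(msg):
    """All d= values on the message; a message may carry several signatures."""
    return [parse_dkim_tags(str(v)).get("d", "").lower()
            for v in msg.get_all("DKIM-Signature", [])]


def aligned(dkim_domain, from_domain, mode="relaxed"):
    """DMARC identifier alignment (RFC 7489 section 3.1): strict needs an exact
    match, relaxed accepts the same organizational domain."""
    if not dkim_domain or not from_domain:
        return False
    if mode == "strict":
        return dkim_domain == from_domain
    return organizational_domain(dkim_domain) == organizational_domain(from_domain)


def dkim_alignment(raw_message, mode="relaxed"):
    """Return (any_aligned, details) for every DKIM-Signature on the message.
    Identifier alignment only: cryptographic verification of b= is assumed done."""
    msg = email.message_from_string(raw_message)
    from_dom = header_from_domain(msg)
    details = [(d, from_dom, aligned(d, from_dom, mode)) for d in signing_domains(msg)]
    return any(ok for _, _, ok in details), details


def envelope_matches_signer(raw_message):
    """What alignment keyed on the envelope would look like (the option the
    accepted answer argues against): does any d= match the Return-Path domain?"""
    msg = email.message_from_string(raw_message)
    rp = organizational_domain(return_path_domain(msg))
    return any(organizational_domain(d) == rp for d in signing_domains(msg) if d)


def simulate_srs(raw_message, forwarder="forwarder.example"):
    """Constructed stand-in for an SRS forwarder: rewrite only the envelope sender
    (Return-Path); headers and the DKIM-Signature are left untouched.
    Assumption: a fixed SRS0 hash/timestamp is used instead of real ones."""
    msg = email.message_from_string(raw_message)
    _, addr = parseaddr(msg.get("Return-Path", ""))
    local, _, domain = addr.partition("@")
    new_rp = f"SRS0=HHHH=TT={domain}={local}@{forwarder}"
    return re.sub(r"^Return-Path:.*$", f"Return-Path: <{new_rp}>",
                  raw_message, count=1, flags=re.M)


if __name__ == "__main__":
    for label, raw in (("d=From domain", MSG_FROM_DOMAIN_SIGNED),
                       ("d=bounce domain", MSG_BOUNCE_DOMAIN_SIGNED)):
        print(label, "DMARC-aligned:", dkim_alignment(raw)[0],
              "envelope-keyed before SRS:", envelope_matches_signer(raw),
              "envelope-keyed after SRS:", envelope_matches_signer(simulate_srs(raw)))
```

Signing with the From domain stays aligned before and after the forwarder rewrites the envelope; signing with the bounce domain never aligns under DMARC, and the envelope-keyed match it would have relied on disappears as soon as SRS touches the Return-Path, which is exactly the linkage the accepted answer says you cannot keep intact.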