J.D. Falk posted a brief but comprehensive guide to the different DKIM flags: what they mean and how they may affect delivery. (The original link seems to be dead so I reproduced the blog post for reference It’s just that good. A DKIM Primer Resurrected
DKIM only answers two questions:
- Does the message have a valid signature?
- If it does, what domain signed it?
The signing domain, identified by the d= tag in the DKIM signature header, is the only part of the DKIM signature where the choices you make now will directly affect the continued deliverability of your messages. This is because d= is how you tell the receiving system who you are.
J.D. goes on to describe the different flags and how they may affect delivery of a particular signed message. It’s a good review of the flags and what they mean.