DKIM Third-Party Authorization Label

Document Type: Expired Internet-Draft (individual), expired & archived
Authors: Douglas Otis, Daniel Black
Last updated: 2010-08-10
RFC stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active.

A third party authorization label (TPA-Label) is a DNS-based extension for DKIM ADSP records that allows domains in the From header field to authorize acceptable third-party signatures. This approach allows autonomous and unilateral authorizations for third-party domains using scalable, individual DNS transactions. The extended scope of DKIM signing practice assertions introduced here supplants transparent authorization schemes that are more difficult to administer. Alternatives for facilitating third-party authorizations currently necessitate coordination between two or more domains to synchronously set up selector/key DNS records, DNS zone delegations, and/or a regular exchange of public/private keys.

Checking TPA-Label Resource Records for signing practices might occur infrequently when a message is not compliant with restrictive ADSP practices, where an Author Domain Signature is either missing or invalid. When a third-party signature is found, TPA-Label Resource Record transactions offer an efficient means for Author Domains to authorize specific third-party signing domains. Recipients are afforded a method to determine whether authorization exists in situations where other modes of authorization are impractical. TPA-Label Resource Records permit Author Domains a means to influence message handling selectively, for messages otherwise lacking valid Author Domain signatures.


Douglas Otis
Daniel Black

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)