Does the DKIM domain need to align with the List-Unsubscribe domain?

Key findings

• No direct alignment RFC: RFC 8058, which defines List-Unsubscribe One-Click, does not specify that the DKIM signing domain (the d= attribute) must align with the domain found in the List-Unsubscribe header URL.
• DKIM signature inclusion: For compliance and deliverability, the List-Unsubscribe and List-Unsubscribe-Post headers must be included in the DKIM signature's h= tag, ensuring they are not tampered with in transit.
• Content integrity: If the content of a DKIM-signed header (including the List-Unsubscribe header) is altered after the email is signed, the DKIM signature will fail. This is why signing these headers is critical.
• Current ISP requirements: Major mailbox providers like Gmail and Yahoo mandate the presence and proper functioning of List-Unsubscribe headers, but their specific requirements for alignment with the DKIM domain typically focus on the From header (RFC5322.From), not the List-Unsubscribe domain directly.

Key considerations

• Prioritize DMARC alignment: Focus on aligning your DKIM signing domain with your From domain, as this is critical for DMARC authentication and overall deliverability.
• Verify DKIM signing: Ensure your email service provider (ESP) or sending system correctly includes List-Unsubscribe and List-Unsubscribe-Post in the list of signed headers within the DKIM signature.
• Future-proofing: While not currently mandated, anticipate that mailbox providers may introduce stricter alignment requirements for List-Unsubscribe domains in the future, similar to their evolving demands for other header alignments.
• Subdomain impact: The specific subdomain used in the List-Unsubscribe URL does not need to match the DKIM signing subdomain, as long as the headers are correctly signed.

Key opinions

• Focus on signing: Marketers emphasize that the critical point is ensuring the List-Unsubscribe and List-Unsubscribe-Post headers are included in the DKIM signature.
• Alignment is for From header: The primary alignment concern for DKIM, especially for DMARC, is with the From header domain, not the List-Unsubscribe domain.
• Deliverability impact: Marketers find that emails are compliant and delivered successfully without List-Unsubscribe domain alignment, as long as other authentication and header requirements are met.
• Ease of compliance: Simplicity in setup is appreciated, and unnecessary alignment rules would complicate email infrastructure.

Key considerations

• Monitor deliverability: Even without specific List-Unsubscribe alignment, marketers should regularly monitor their email deliverability rates to catch any unforeseen issues or changes in ISP requirements.
• Header integrity: Always confirm that your ESP includes critical headers in the DKIM hash, preventing any changes post-signing that could invalidate DKIM.
• Subscriber experience: Beyond technical compliance, the List-Unsubscribe header is vital for a positive user experience and maintaining a healthy sender reputation by enabling easy unsubscribes.
• Adhering to new mandates: Marketers must stay informed about evolving requirements, such as Gmail and Yahoo's 2024 mandates for one-click unsubscribe, which indirectly rely on DKIM for header integrity.

Key opinions

• RFC compliance focus: Experts confirm that RFC 8058, which pertains to List-Unsubscribe, does not stipulate any domain alignment between the DKIM d= tag and the List-Unsubscribe URL domain.
• Anticipated MBP evolution: Many experts foresee that while not currently required, mailbox providers might, in the future, introduce their own mandates for closer alignment of these domains, similar to how they've pushed for DMARC alignment.
• Header signing is crucial: The integrity of the List-Unsubscribe headers is ensured by their inclusion in the DKIM signature, which prevents post-signing modification.
• Difference from From: header alignment: Experts highlight that DKIM alignment primarily serves to authenticate the From header (RFC5322.From) for DMARC validation, a different scope than the List-Unsubscribe header.

Key considerations

• Proactive approach to alignment: While not required now, aligning domains when possible can offer a buffer against future stricter requirements from mailbox providers.
• Comprehensive authentication: Ensure a robust SPF, DKIM, and DMARC setup for your sending domains to secure overall email authentication.
• Subdomain strategy: Consider how different subdomains for various email functions (sending, tracking, unsubscribing) interact with DKIM, and ensure each is properly configured for DKIM signing.
• Industry trend awareness: Stay updated on announcements from major mailbox providers regarding changes in their email reception policies, as these often go beyond strict RFC definitions.

Key findings

• RFC 8058 (List-Unsubscribe One-Click): This RFC specifies the format and behavior of the List-Unsubscribe-Post header for one-click unsubscribe functionality. It does not mention any alignment requirement with DKIM domains.
• RFC 6376 (DKIM): This RFC details the DKIM authentication mechanism, including the d= (signing domain) and h= (signed headers) tags. It requires that any headers specified in the h= tag must remain unchanged for the signature to be valid.
• RFC 7489 (DMARC): DMARC focuses on alignment between the From header domain and either the SPF domain or the DKIM domain. It does not extend this alignment requirement to the List-Unsubscribe header's domain.
• Header signing vs. alignment: The RFCs distinguish between signing a header to ensure its integrity (which List-Unsubscribe should have) and requiring domain alignment between different header fields.

Key considerations

• Adherence to RFCs: While no alignment is explicitly required, ensuring compliance with RFCs for DKIM and List-Unsubscribe headers is foundational for deliverability.
• Mandatory header signing: DKIM implementations must include List-Unsubscribe and List-Unsubscribe-Post in the h= field to meet integrity requirements.
• Understand DMARC alignment: While List-Unsubscribe alignment is not critical, understanding DMARC alignment principles (SPF/DKIM with From header) is crucial for overall sender reputation.
• Distinguish between RFCs and ISP policies: Recognize that mailbox providers often impose requirements beyond strict RFC definitions to combat spam and enhance user experience.