Skip to main content

3.9 Output Requirements

3.9. Output Requirements

The evaluation of each signature ends in one of three states, which this document refers to as follows:

  • SUCCESS: a successful verification
  • PERMFAIL: a permanent, non-recoverable error such as a signature verification failure
  • TEMPFAIL: a temporary, recoverable error such as a DNS query timeout

For each signature that verifies successfully or produces a TEMPFAIL result, output of the DKIM algorithm MUST include the set of:

  • The domain name, taken from the "d=" signature tag; and
  • The result of the verification attempt for that signature.

The output MAY include other signature properties or result meta-data, including PERMFAILed or otherwise ignored signatures, for use by modules that consume those results.

See Section 6.1 for discussion of signature validation result codes.

Last updated on