--- a/xml/dnsbl.in	Mon Jan 16 08:28:37 2017 -0800
+++ b/xml/dnsbl.in	Mon Jan 16 11:13:40 2017 -0800
@@ -744,8 +744,9 @@
 DCCBULK    = "dcc_bulk_threshold"   (INTEGER | "many" | "off")
 
 DKIMSIGNER = "dkim_signer" "{" {SIGNING_DOMAIN DEF [";"]}+ "}"
-DKIMFROM   = "dkim_from"   "{" {HEADER_FROM_DOMAIN DKIMVALUE SIGNING_DOMAIN [";"]}+ "}"
+DKIMFROM   = "dkim_from"   "{" {HEADER_FROM_DOMAIN DKIMVALUE SIGNERS [";"]}+ "}"
 DKIMVALUE  = "signed_white" | "signed_black" | "require_signed"
+SIGNERS    = quoted comma separated SIGNING_DOMAINs no whitespace
 
 ENV-TO     = "env_to"     "{" {(TO-ADDR | DCC-TO)}+ "}"
 TO-ADDR    = ADDRESS [";"]
@@ -771,10 +772,10 @@
 DEFAULT_IP_LIMIT    = INTEGER
 DAILY_MULTIPLE_IP   = INTEGER
 
-DEF        = ("white" | "black")
-DEFAULT    = (DEF | "unknown" | "inherit" | "")
+DEF        = ("white" | "black" | "unknown")
+DEFAULT    = (DEF | "inherit" | "")
 ADDRESS    = (USER@ | DOMAIN | USER@DOMAIN)
-VALUE      = ("white" | "black" | "unknown" | "inherit" | CHILD-CONTEXT-NAME)]]></literallayout>
+VALUE      = (DEF | "inherit" | CHILD-CONTEXT-NAME)]]></literallayout>
         </refsect1>
 
         <refsect1 id='sample.5'>
@@ -835,6 +836,15 @@
     require_rdns    yes;
 
     content on {
+        dkim_signer {
+            credit.paypal.com   require_signed  credit.paypal.com;
+            paypal.com          require_signed  paypal.com;
+            dhl.com             require_signed  dhl.com;
+            adp.com             require_signed  "adp.com,bmi.adp.com";
+        };
+        dkim_from {
+            accounts.google.com     white;
+        };
         filter    sbl-xbl.spamhaus.org        "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
         uribl     multi.surbl.org             "Mail containing %s rejected - surbl; see http://www.surbl.org/surbl-analysis?d=%s";
         #uribl    multi.uribl.com             "Mail containing %s rejected - uribl; see http://l.uribl.com/?d=%s";