Also, the domain that is used to sign the message need not be the domain used in the return path, nor the from address. Nothing about DKIM will impact use of VERP at all.

There are many ways an ESP could use DKIM, to get the reputation and feedback setup they want, but a typical DKIM setup for an ESP might involve signing each message twice, once with a single domain used by the ESP to sign all email (primarily for feedback loops) and once with the customers domain (primarily for reputation).

http://dkimcore.org/deployment/esp.html goes into that sort of DKIM configuration for a typical ESP in quite a lot of detail.

For example if the ESP uses a fixed envelope-sender for each customer, then an ISP may be able to assign a different reputation to each ESP customer.

But this implies that ESP has would dismiss VERP and find another bounce management system.

Is it correct?

However doing so means that you don’t get most of the advantages of DKIM – portable reputation tied to the identity of the author of the message. Were I looking for an ESP I would never use one that used DKIM, but only signed with it’s own domain.

You can get the best of both worlds by signing each email twice – once with the ESP domain and once with a domain delegated from the customer (so that the customer adds one NS record delegating a subdomain of their DKIM DNS tree to the ESP and the ESP handles everything else DKIM related). The customer delegated domain attaches their reputation to the message, while the ESP domain allows simple signup for DKIM based FBLs (simpler and easier to maintain than IP based).

The only problem with that is that many of the commercial smarthosts used by ESPs have very limited DKIM signing abilities, and may not be able to sign twice. Some of them can’t even sign with an appropriate domain. If ESPs tell their vendors what they want I’m sure that’ll change.

I’ve gone into more detail about this style of ESP deployment in the dkim-core draft, at http://dkimcore.org/dkimcore.pdf