[PLUG] Has anyone here used DKIM or Domain Key with their mail server?

Brent Jones brent at servuhome.net
Tue Aug 26 05:46:35 UTC 2008


On Mon, Aug 25, 2008 at 5:28 PM, Keith Lofstrom <keithl at kl-ic.com> wrote:

>
> Domain Key from Yah-o-o is being absorbed into the IETF's DKIM standard.
> There is apparently a Perl module that can be added to postfix to
> implement this on outbound email.  This is apparently a scheme to
> sign emails with the OpenSSL private key so that a recipient MTA
> can check it with the site's public key.
>
> There is a Perl module ( http://dkimproxy.sourceforge.net/ ) that
> supposedly implements this.
>
> Questions: (1) Is this worth the effort?  (2) Is it a security risk?
> (3) is the dkimproxy module sound?  (4) can you use a self-signed
> cert for this, or do you need an official ($$$) cert from places
> like Thawte or Verisign?
>
> Keith
>
> --
> Keith Lofstrom          keithl at keithl.com         Voice (503)-520-1993
> KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
> Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>

If you check your mail server logs, or spamassassin logs, I'm sure you'll
find a lot of spam nowadays has correct SPF records and even DKIM
signatures.
I see so much spam come through in fact, that I no longer subtract points
from spam using those systems. It may be you a bit more freedom to send to
the Yahoos and Hotmails of the world, but probably not a whole lot of other
systems.

-- 
Brent Jones
brent at servuhome.net



More information about the PLUG mailing list