Domainkeys

Need help? Ask here.

Moderator: Moderators

Post Reply
drdave
Posts: 7
Joined: Mon Jul 10, 2006 7:13 pm
Location: Illinois

Domainkeys

Post by drdave »

I just discovered Domainkeys for the first time:
http://antispam.yahoo.com/domainkeys
The ietf draft link on that page is incorrect. I found it at
http://www.ietf.org/internet-drafts/dra ... ase-04.txt

At first glance it looks like SPF only better because it also protects the integrity of the email with a digital signature. What is rollernet's opinion on it? According to http://www.postfix.org/addon.html there's a couple of implementations for it available for postfix. It can be verified at any point in the mail handling stream, but I haven't found any support for it in exim4 (my MTA) so I am hoping that you're going to add this one day.

- Dave
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

We are planning on adding domainkeys support to the filtering system. It's not quite as easy as grabbing a readymade implementation since it needs to integrate with the account control center, but it's on our to do list. Since you're the first to express interest in it, we'll probably move it up in priority.
Technical Support support@rollernet.us
Roller Network LLC
drdave
Posts: 7
Joined: Mon Jul 10, 2006 7:13 pm
Location: Illinois

Re: Domainkeys

Post by drdave »

Thanks. I'm sorry I posted this in the Support forum instead of the Suggestion Box forum.
sgrayban
Posts: 60
Joined: Wed Jul 12, 2006 9:53 am

Post by sgrayban »

A note on the "domainkeys" here.

I used to be part of the developement team for it but because it is very touchy when signing emails it can be more of a pain to use then SPF.

Rules of usage.... domainkeys MUST BE the very last milter in the chain of mail handling because it takes the entire email and signs the whole thing with a GPG key. If it gets touched by ANYTHING before it is released to the receiving mail server it will FAIL causing the email to most likely be rejected.

Because of this I recommend that SPF still be used and IF you want to use the domainkeys here that it be a option and disabled by default.

The domainkeys is still in beta testing even after 2 years of its initial start.

SPF has been a proven tool to stop fake headers and email addresses. Stick with it.
Post Reply