DKIM?

New ideas and constructive comments go here.

Moderator: Moderators

Post Reply
bobpullen
Posts: 20
Joined: Fri Jul 18, 2014 2:10 am

DKIM?

Post by bobpullen »

Any progress on DKIM signing?
Seth
Site Admin
Posts: 309
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: DKIM?

Post by Seth »

I don't have an ETA on DKIM signing for outbound mail. We plan to implement it in a way where signing keys are provided by the user and then associated to outbound accounts, not globally by Rollernet. It will probably happen when we get to updating that section, as you may have noticed that updates to other sections also come with an interface change since we're reviewing and updating the back end of each section as we go.
Seth Mattinen, Roller Network LLC
timtowtdi
Posts: 3
Joined: Wed Oct 20, 2010 4:58 am

Re: DKIM?

Post by timtowtdi »

Do you have an ETA yet?
Or any other information about DKIM implementation status?

Regards,

Tim
Beware of the Klowns
Seth
Site Admin
Posts: 309
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: DKIM?

Post by Seth »

We are currently testing some DKIM methods in the back end and how easily they would be able to integrate into the control center.
Seth Mattinen, Roller Network LLC
brianpettyjohn
Posts: 3
Joined: Wed Oct 06, 2021 12:45 pm

Re: DKIM?

Post by brianpettyjohn »

I see it's been a while since this issue was pinged. Any update? Gmail/MSN/Yahoo/Comcast/Outlook are getting much more strict.
Seth
Site Admin
Posts: 309
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: DKIM?

Post by Seth »

I suppose I can just set it up in the back end and have everyone email us their private DKIM key for now.

The real delay is that we have to change jQuery versions (not because we need anything in newer versions but because PCI compliance simply tags it as "too old") which broke basically everything where we have UI elements, so I'm having to rewrite it slowly. So until this is done I can't add any front end interfaces to configure a private key for DKIM
Seth Mattinen, Roller Network LLC
Seth
Site Admin
Posts: 309
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: DKIM?

Post by Seth »

If you would like to try using DKIM, please send us the following for every mail domain you want to have DKIM signatures when using Outbound Mail:

domain=
selector=
privatekey=

This private key and selector will be used to DKIM sign emails submitted from your account that match the domain. At this time we are accepting user-generated private keys: in the future we will offer an option to generate them through our account control center, and possibly automate them when used with our Primary DNS.

As currently implemented we will need to configure each domain separately so that the DKIM signature will be aligned with the "From" header. In the past it was common for providers to bulk sign mail with their own key, however this is not a best practice. Although it's more secure to use unique private keys, it does require more setup.

We have been working with a very long delay adding new features to the front end account control center due to changing jQuery versions (not because we need anything in newer versions but because PCI compliance tags jQuery as "too old"), which unfortunately breaks basically everything where we have UI elements. Until this is done, any front end interfaces to configure a private key for DKIM will have to wait.

We have also created a web page that will generate keys for you:
https://acc.rollernet.us/api/dkimkeygen.php

Also available in JSON format for scripting:
https://acc.rollernet.us/api/dkimkeygen.php?json

If you have access to "openssl" you can generate a private key with the following command:

For a 2048 bit key:
openssl genrsa -out dkim_private.pem 2048

For a 1024 bit key:
openssl genrsa -out dkim_private.pem 1024

Public key for DNS:
openssl rsa -in dkim_private.pem -pubout -outform der 2>/dev/null | openssl base64 -A
Seth Mattinen, Roller Network LLC
Post Reply