I just discovered Domainkeys for the first time:
http://antispam.yahoo.com/domainkeys
The ietf draft link on that page is incorrect. I found it at
http://www.ietf.org/internet-drafts/dra ... ase-04.txt
At first glance it looks like SPF only better because it also protects the integrity of the email with a digital signature. What is rollernet's opinion on it? According to http://www.postfix.org/addon.html there's a couple of implementations for it available for postfix. It can be verified at any point in the mail handling stream, but I haven't found any support for it in exim4 (my MTA) so I am hoping that you're going to add this one day.
- Dave
Domainkeys
Moderator: Moderators
-
- Site Admin
- Posts: 598
- Joined: Wed Nov 17, 2004 10:05 pm
- Location: Nevada
- Contact:
We are planning on adding domainkeys support to the filtering system. It's not quite as easy as grabbing a readymade implementation since it needs to integrate with the account control center, but it's on our to do list. Since you're the first to express interest in it, we'll probably move it up in priority.
Technical Support support@rollernet.us
Roller Network LLC
Roller Network LLC
Re: Domainkeys
Thanks. I'm sorry I posted this in the Support forum instead of the Suggestion Box forum.
A note on the "domainkeys" here.
I used to be part of the developement team for it but because it is very touchy when signing emails it can be more of a pain to use then SPF.
Rules of usage.... domainkeys MUST BE the very last milter in the chain of mail handling because it takes the entire email and signs the whole thing with a GPG key. If it gets touched by ANYTHING before it is released to the receiving mail server it will FAIL causing the email to most likely be rejected.
Because of this I recommend that SPF still be used and IF you want to use the domainkeys here that it be a option and disabled by default.
The domainkeys is still in beta testing even after 2 years of its initial start.
SPF has been a proven tool to stop fake headers and email addresses. Stick with it.
I used to be part of the developement team for it but because it is very touchy when signing emails it can be more of a pain to use then SPF.
Rules of usage.... domainkeys MUST BE the very last milter in the chain of mail handling because it takes the entire email and signs the whole thing with a GPG key. If it gets touched by ANYTHING before it is released to the receiving mail server it will FAIL causing the email to most likely be rejected.
Because of this I recommend that SPF still be used and IF you want to use the domainkeys here that it be a option and disabled by default.
The domainkeys is still in beta testing even after 2 years of its initial start.
SPF has been a proven tool to stop fake headers and email addresses. Stick with it.