[kwlug-disc] Anyone know how to set up DNSSEC?
Jonathan D. Poole
jpoole at digitaljedi.ca
Thu Feb 6 08:13:47 EST 2014
FWIW,
Gmail gives you a nice 'mailed-by' and 'signed-by' header for the mere
simplicity of "Hrmm I got a message, is it legit?" question that arise when
determining messages as spam/bulk/etc
DMARC Analyzer (www.dmarcanalyzer.com) can give you a fairly good outlook of
how your 'alignment' sits with use of your DKIM, SPF, DMARC setup.
Experimental as it may be, to protect your domain from unauthorized
forgery/phishing from external sources and ensuring emails that you do send
are legitimate, it makes sense to do it.
-----Original Message-----
From: kwlug-disc [mailto:kwlug-disc-bounces at kwlug.org] On Behalf Of Bob
Jonkman
Sent: Thursday, February 06, 2014 3:53 AM
To: KWLUG discussion
Subject: Re: [kwlug-disc] Anyone know how to set up DNSSEC?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
DKIM (RFC 6376 or STD 76) is still optional for SMTP mail delivery, and SPF
(RFC 4408) is still considered an experimental protocol.
Rejecting a message based on failure (or absence) of SPF is overly
aggressive, and contrary to DKIM ("signature verification failure does not
force rejection of the message"). At best, a message's (lack of) conformance
to DKIM and SPF could be used as a weighting factor to determine its
spamminess.
There's no benefit to you to sign your outgoing messages, at least until
servers start rejecting messages (which makes them non-conformant to
standards). Of course, there is the network effect that if everyone does
DKIM/SPF then the world will be a better place.
The only time my mail server has ever received a delivery failure
notification for not having DKIM or SPF entries was when I tried to
subscribe to the GNUsocial mailing list. Of course, I don't know how many
mail servers are silently dropping my non-DKIM/SPF messages, but that's
contrary to standards too.
TL;DR: Don't worry about it.
- --Bob.
https://tools.ietf.org/html/rfc6376
https://tools.ietf.org/html/rfc4408
On 14-02-06 02:53 AM, Chamunks Arkturus wrote:
> I'm sorry to have mislead I'm fairly comfortable with the command line
> I just use ubuntu server 12.04x lts for my main distro. I definitely
> don't have the regex capabilities or understanding that most of the
> guys here were raised up through. Granted I do like gui's in some
> sense that it helps me wrap my head around some concepts like I'm
> attempting to wrap my head around using ldap via phpLDAPAdmin BUT this
> is not the thread for this. So before I derail my own thread. Is
> there more information that I should hear about this situation?
>
>
>
> _______________________________________________ kwlug-disc mailing
> list kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Ensure confidentiality, authenticity, non-repudiability
iEYEARECAAYFAlLzTXoACgkQuRKJsNLM5ergmwCgki1frovhgo19qTDYIU9+ZzLz
B9kAoN0eoWTBKEG7kjosYtCBb5uzxIyx
=Y9/1
-----END PGP SIGNATURE-----
_______________________________________________
kwlug-disc mailing list
kwlug-disc at kwlug.org
http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
More information about the kwlug-disc
mailing list