At 15:19 11-10-2007, Dan Mahoney, System Admin wrote: >And you just know there are people out there who are running old >verifiers. I had figured now that there was an official rfc and such, >that we'd stop doing the "this week's draft" dance.
There's the DKIM signing and verifying specifications which have been published and the SSP which is work in progress. DKIM can still be used without SSP if you don't want to track the changes in that draft. >I apologize if this seems forward, but people want DKIM now. SpamAssassin >has had a rule called DKIM_POLICY_SIGNSOME hitting most domains for a >while now, which I find really amusing considering that rule only hits on >the IMPLIED policy. A sender signing practice is nothing more than that. DKIM as such can be useful for negative scoring. >And there's not one really good "howto" site (admittedly, the docs in the >milters are good, but the target audience of the milter are not the same >as the target audience of those who could benefit from and understand the >workings behind something like DKIM.) The concept behind DKIM is simple. You use the signing domain instead of using the IP address to determine the reputation of the sender. >When SPF came out, there were simple, web-driven tools to GENERATE the >rulesets, as well as simple tools to interpret them on a failure, from the >getgo. Given, SPF was as simple as "drop this line in DNS", very >set-it-and-forget-it. But the meanings of the various flags, fields, and >such were de-mystified, and you were asked simple, english questions which >themselves could have been taken from the RFC's. DKIM won't be as easy as SPF as the verification can fail if the message is modified in transit. It's possible to do a web-driven tool to generate the configuration for dkim-milter. Someone posted a message about such a project (see archive). >Now, when searching for obscure DKIM flags, like trying to search RFC's >for "o=" or, worse, google, there's no real place to turn (at least that >I've found). That's true unfortunately. You could ask on this mailing list. Regards, -sm ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
