On Tue, 20 May 2008, Jeff A. Earickson wrote:

> Hi,
>
> We are running DKIM-milter 2.5.5 on our mail server, and
> we have a TXT record in our "colby.edu" domain advertising
> our public DKIM key, eg in bind:
>
> ColbyApr2008._domainkey IN TXT ( "v=DKIM1; n=\"Colby College\"; "
>                                  "g=*; k=rsa; t=s; "
>                                  "p=[crypto string]" )
>
> Our admissions people have contracted with a third-party email
> outfit to do mailings to prospective students, and they want
> us to stick their public key into our colby.edu domain, eg:
>
> otherguysemail._domainkey IN TXT ( etc...)
>
> I gather that the reason is so that when they send email to Yahoo or
> wherever on our behalf (I guess probably forged as some colby.edu
> address), then Yahoo will do a DNS lookup of
> otherguysemail._domainkey.colby.edu, get a correct response from
> our DNS server, and then quickly take delivery of the email.

It sounds right, and it sounds smarter than divulging your normal private key to them. Of course, setting up SPF and whatnot records to allow them is probably not a bad idea either.

> True? Comments? Brickbats? Is this a bright idea to do?
> Since when did DNS become the keyring of the universe?

We've been moving that way for a while. If you think you're confused now, just wait till DNSSEC passes.

-Dan

--

"Long live little fat girls!"
-Recent Taco Bell Ad Slogan, Literally Translated. (Viva Gorditas)

--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------

_______________________________________________
dkim-milter-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
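
An added illustration (not code from the thread or from dkim-milter) of the lookup discussed above: how a verifier derives `otherguysemail._domainkey.colby.edu` from a signature's `s=` and `d=` tags, and what the `t=s` flag in the published key record restricts. The signature values and the `p=` string are constructed placeholders, and the function names are hypothetical.

```python
import re

def parse_tags(text):
    """Parse a DKIM tag=value list (same syntax in signatures and key records)."""
    tags = {}
    for part in text.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    return tags

def key_query_name(sig):
    """DNS name the verifier looks up: <s=>._domainkey.<d=>."""
    return f"{sig['s']}._domainkey.{sig['d']}".lower()

def join_txt_strings(rdata):
    """Concatenate the quoted strings of a zone-file TXT record, undoing backslash escapes."""
    chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    return "".join(re.sub(r"\\(.)", r"\1", c) for c in chunks)

def check_key_record(sig, rdata):
    """Return reasons the key record cannot validate this signature (empty list = OK)."""
    rec = parse_tags(join_txt_strings(rdata))
    problems = []
    if rec.get("v", "DKIM1") != "DKIM1":
        problems.append("bad version")
    if rec.get("k", "rsa") != "rsa":
        problems.append("unsupported key type")
    if not rec.get("p"):
        problems.append("key missing or revoked (empty p=)")
    flags = rec.get("t", "").split(":")
    # t=s: the domain in i= must equal d= exactly; subdomains are not allowed.
    i_domain = sig.get("i", "@" + sig["d"]).rsplit("@", 1)[1].lower()
    if "s" in flags and i_domain != sig["d"].lower():
        problems.append("t=s forbids subdomain identity " + i_domain)
    return problems

# Constructed samples: selector name is from the thread, p=/bh=/b= are placeholders.
VENDOR_RECORD = r'''( "v=DKIM1; n=\"Colby College\"; "
                      "g=*; k=rsa; t=s; "
                      "p=PLACEHOLDERBASE64KEY" )'''
VENDOR_SIG = parse_tags("v=1; a=rsa-sha256; d=colby.edu; s=otherguysemail; "
                        "i=@colby.edu; bh=PLACEHOLDER; b=PLACEHOLDER")
SUBDOMAIN_SIG = dict(VENDOR_SIG, i="@admissions.colby.edu")

if __name__ == "__main__":
    print(key_query_name(VENDOR_SIG))
    print(check_key_record(VENDOR_SIG, VENDOR_RECORD))
    print(check_key_record(SUBDOMAIN_SIG, VENDOR_RECORD))
```

Because each selector has its own record, removing or emptying the `p=` of the vendor's selector withdraws their signing ability without touching the `ColbyApr2008` key.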
