At 12:17 20-05-2008, Jeff A. Earickson wrote:
>We are running DKIM-milter 2.5.5 on our mail server, and
>we have a TXT record in our "colby.edu" domain advertising
>our public DKIM key, eg in bind:
>
>ColbyApr2008._domainkey IN TXT ( "v=DKIM1; n=\"Colby College\"; "
>         "g=*; k=rsa; t=s; "
>         "p=[crypto string]" )
>
>Our admissions people have contracted with a third-party email
>outfit to do mailings to prospective students, and they want
>us to stick their public key into our colby.edu domain, eg:
>
>otherguysemail._domainkey IN TXT ( etc...)

They can use a different selector as you mentioned above. Do you want the emails to come from colby.edu or a subdomain?

>I gather that the reason is so that when they send email to Yahoo or
>wherever on our behalf (I guess probably forged as some colby.edu
>address), then Yahoo will do a DNS lookup of
>otherguysemail._domainkey.colby.edu, get a correct response from
>our DNS server, and then quickly take delivery of the email.
>True? Comments? Brickbats? Is this a bright idea to do?
>Since when did DNS become the keyring of the universe?

Yahoo doesn't do DKIM verification. They are not forging colby.edu as you have authorized them to send mail on your behalf. The DNS lookup will work as you described. DNS became the keyring when you elected to use DKIM. :-)

As long as you have control over the domain, you can always pull out their selector key if you don't want them to send DKIM signed mail on your behalf.

With your current setup, they can actually send out a DKIM signed mail with your email address in the From: header. Is that a good idea?

At 12:23 20-05-2008, Dan Mahoney, System Admin wrote:
>It sounds right, and it sounds smarter than divulging your normal private
>key to them. Of course, setting up SPF and whatnot records to allow them
>is probably not a bad idea either.

They don't even need the private key if they are able to use a selector.

Regards,
-sm
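The selector lookup discussed in this thread, as an added example that is not part of the original messages or of dkim-milter: it builds the `<selector>._domainkey.<domain>` query name and evaluates the published key record. The zone contents, key placeholders, the `oldvendor` selector and the function names are constructed for illustration; an empty `p=` meaning a revoked key and the `t=s` flag follow the DKIM specification.

```python
# Constructed zone data for illustration; keys are placeholders, not real records.
ZONE = {
    "ColbyApr2008._domainkey.colby.edu":
        'v=DKIM1; n="Colby College"; g=*; k=rsa; t=s; p=PLACEHOLDERKEY1',
    "otherguysemail._domainkey.colby.edu": "v=DKIM1; k=rsa; p=PLACEHOLDERKEY2",
    "oldvendor._domainkey.colby.edu": "v=DKIM1; k=rsa; p=",  # hypothetical selector
}


def parse_tags(record):
    """Split a DKIM tag=value list into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    return tags


def key_lookup(selector, domain, identity=None, zone=ZONE):
    """Return (query_name, verdict) for a signature carrying s=, d= and optional i=."""
    qname = f"{selector}._domainkey.{domain}"
    record = zone.get(qname)
    if record is None:
        # The domain owner never published, or has pulled, this selector.
        return qname, "no key: selector not published or withdrawn"
    tags = parse_tags(record)
    if tags.get("v", "DKIM1") != "DKIM1":
        return qname, "unusable: unknown record version"
    if not tags.get("p"):
        return qname, "revoked: empty p="
    flags = [f.strip() for f in tags.get("t", "").split(":")]
    if "s" in flags and identity is not None:
        # t=s: the domain in i= must equal d= exactly, so no subdomains.
        if identity.rsplit("@", 1)[-1].lower() != domain.lower():
            return qname, "rejected: t=s forbids subdomain identity"
    return qname, "key usable"


if __name__ == "__main__":
    print(key_lookup("otherguysemail", "colby.edu"))
    print(key_lookup("oldvendor", "colby.edu"))
    print(key_lookup("ColbyApr2008", "colby.edu", "@admissions.colby.edu"))
```

Each selector is an independent record, so deleting the vendor's entry from the zone changes only the result for that selector and leaves the domain's own key untouched.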
