Jeroen Geilman wrote: > fire-eyes wrote: >> On my small server I am seeing a sudden inrush of requests to named >> like tihs. Of particular intrest is _domainkey. A quick google search >> didn't really explain why I am seeing so much of this, it's been going >> on almost continuously for 20 minutes.
> The _domainkey queries are experimental, or from people who already > implement SPF and Yahoo's scheme for it. > That was 10 seconds of Google, by the way ;-) SPF (http://www.openspf.org/) and DomainKeys (http://antispam.yahoo.com/domainkeys) are not the same thing, although they attempt to address similar problems (albeit in a slightly different manner). DomainKeys uses a TXT record named _domainkey , which holds a public key. The domain's MTA signs outgoing mail with the corresponding private key, and DomainKey-aware receiving MTAs look up the public key and verify the signature. SPF uses a record named after the domain itself, which is in a special format and specifies which machines (by IP address or domain name) can send email claiming to be from that domain. The record type can be either TXT or SPF, but should be both more maximum compatibility. In their current implementations, SPF protects the enveloper sender information (which isn't seen by the end-user, unless s/he examines the header), while DomainKeys protects the From: field. Visit the above-mentioned URLs for more information. Cheers Andrew
signature.asc
Description: OpenPGP digital signature
