On 7/10/20 9:05 PM, Brandon Long wrote: > If it was a one-time DKIM key, you could publish it after being read one time > or with some short timeout. To many > providers, delivery is a matter of seconds. > > Of course, someone could take advantage because the key would be cached up to > some TTL.
Sure, but easy enough to wait 60 seconds or whatever your TTL is after you remove it from the authoritative zones. > I'm curious what the incremental deliverability advantages are of DKIM over > SPF. That seems like it might be worth the > trade-off for your use case. Absolutely! I wish SPF were always enough, and for direct-to-recipients I've never had an issue. But, sadly, users do seem to love to forward mails and bounce them from one provider to another through a filter set and then onwards to a third. Sometimes this works, sometimes things get sad, or at least so say my DMARC reports and the rare occasional complaints. To be fair its also a tiny mail server with relatively few clients hosting domains with tiny amounts of mail. Matt _______________________________________________ mailop mailing list [email protected] https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
