Greetings:
I'm considering deploying MDaemon's DKIM implementation in place of what seems
to be the dying SPF that I've been using for a while. I had been getting some
pretty promising results from the SPF implementation, but I can certainly see
where DKIM has some specific advantages.
After having read "DomainKeys: Proving and Protecting Email Sender Identity"
at: http://antispam.yahoo.com/domainkeys and "DomainKey Distribution Options"
at: http://domainkeys.sourceforge.net/dist.html, I'm still unsure about how
exactly to go about the deployment.
In our situation, we have two e-mail gateway servers--one outbound (mail1) and
one inbound (mail2)--which serve three separate domains internally. These
servers sometimes will assume the role of the other server for periods of
down-time. Our DNS is hosted by a third party, and changes must be submitted
through our corporate office.
First of all, I'm not clear on the timing between the time the DNS server is
updated and the time the message signing begins. If I first update the DNS
records, will enabled receiving servers immediately begin expecting my messages
to be signed? Or, if I begin by signing messages, will enabled receiving
servers fail the messages if they don't find the matching DNS entry?
If, later, the key is changed, DNS propagation can take several days. How do I
avoid having conflicts with message signatures and DNS records?
What might be the best method for me to go about keeping DNS current?
Should I use the same key for both mail1 and mail2, or doesn't it matter?
What about the keys for the other domains within my organization...should they
each have their own key and should it be the same key for both e-mail servers?
I can't even be sure that the other domain admins will even be interested in
DKIM. If I start signing messages, will the other domains be affected?
Can anyone point me to some documents that might help make this all more clear?
Thanks,
Jerry
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops