dkim-ops
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[dkim-ops] DKIM seems complicated

2005-08-10 09:30:18
from [Jerry Martin] [Permanent Link] 
Greetings:

I'm considering deploying MDaemon's DKIM implementation in place of what seems 
to be the dying SPF that I've been using for awhile. I had been getting some 
pretty promising results from the SPF implementation, but I can certainly see 
where DKIM has some specific advantages.

After having read "DomainKeys: Proving and Protecting Email Sender Identity" 
at: http://antispam.yahoo.com/domainkeys and "DomainKey Distribution Options" 
at: http://domainkeys.sourceforge.net/dist.html, I'm still unsure about how 
exactly to go about the deployment.

In our situation, we have two e-mail gateway servers--one outbound (mail1) and 
one inbound (mail2)--which serve three separate domains internally. These 
servers sometimes will assume the role of the other server for periods of 
down-time. Our DNS is hosted by a third party, and changes must be submitted 
through our corporate office.

First of all, I'm not clear on the timing between the time the DNS server is 
updated and the time the message signing begins. If I first update the DNS 
records, will enabled receiving servers immediately begin expecting my messages 
to be signed? Or, if I begin by signing messages, will enabled receiving 
servers fail the messages if it doesn't find the matching DNS entry?

If, later, the key is changed, DNS propagation can take several days. How do I 
avoid having conflicts with message signatures and DNS records?

What might be the best method for me to go about keeping DNS current?

Should I use the same key for both mail1 and mail2, or doesn't it matter?

What about the keys for the other domains within my organization...should they 
each have their own key and should it be the same key for both e-mail servers?

I can't even be sure that the other domain admins will even be interested in 
DKIM. If I start signing messages, will the other domains be effected?

Can anyone point me to some documents that might help make this all more clear?

Thanks,

Jerry




_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Next by Date:  Re: [dkim-ops] DKIM seems complicated, Arvel Hathcock
Next by Thread:  Re: [dkim-ops] DKIM seems complicated, Arvel Hathcock
Indexes:  [Date] [Thread] [Top] [All Lists]