dkim-ops
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[dkim-ops] Storytelling on implementation of DKIM

2008-10-27 14:01:52
from [Olivier MJ Crepin-Leblond] [Permanent Link] 
Over the summer, having followed the DKIM/DomainKeys discussions and finally 
upgraded our
main mail-server and in the face of increasing spam attacks, I decided to go 
ahead with
implementation and to slowly start tightening our anti-spam arsenal.

So I installed Postfix with TLS & DKIM on the Centos 5 box.
Not being a full-time sys$admin (far from it, I consider myself more of a 
tourist admin
than anything else), it took me a while to go through the motions & work bugs 
out,
especially since out CISCO router had also a life of its own in letting only 
"normal" SMTP
traffic through (had I been told, I would have saved hours and hours of 
tweaking &
frustration).

Most of the installation was pretty straight forward, with TLS being a little 
more complex
to install than Mail-DKIM which I installed in a breeze thanks to good 
documentation. I
thought it would have been a lot more complex since prior to DIY, I had asked 
quantities
of "IT consultants" for a quote & been told this was something that would take 
them days
to implement - yeah right...<grin>

But little did I know of one major problem to do with DNS. Let me explain: my 
DNS
provider, one of the largest in the world, ran DNS services for my domain on 
their "older"
aka "legacy" nameservers. The underscore "_" seemed to introduce all sorts of 
problems -
not because the nameserver itself did not like it, but because the ISP's input 
system
database & front end did not like it.
To cut a long story short, they spent a considerable amount of time trying to 
go around
this and it took them several weeks to figure a way out, which was simply to 
migrate my
domain to their brand new nameservers - and I am glad to say that it all works 
now.

All to say that whilst we all hope for more DKIM use in email, a barrier to 
entry will be
those legacy systems, not necessarily the nameserver's fault, but the front end 
database
which so many ISPs make use of, including those who let end-users modify their 
DNS through
a Web front end.

Warm regards,

-- 
Olivier MJ Crepin-Leblond, Ph.D
Global Information Highway Ltd
http://www.gih.com/ocl.html

_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [dkim-ops] Storytelling on implementation of DKIM, Olivier MJ Crepin-Leblond <=
Previous by Date:  Re: [dkim-ops] just comment.. dkim-milter.., Byung-Hee HWANG
Next by Date:  [dkim-ops] Q: "dkim=discardable", Byung-Hee HWANG
Previous by Thread:  [dkim-ops] just comment.. dkim-milter.., Byung-Hee HWANG
Next by Thread:  [dkim-ops] Q: "dkim=discardable", Byung-Hee HWANG
Indexes:  [Date] [Thread] [Top] [All Lists]