Do you run a mail server, or own a domain example.com that you send mail from?
Do you want your mail to be accepted by Gmail and Yahoo users, and any other sites that follow suit?
Here's what must be done before the DKIMpocalypse on Thursday to ensure your mail will make it through Google's and Yahoo's tighter mail rules:
DKIM: generate a key (e.g., with opendkim-genkey), configure your mail server to use it, and publish the public key in the DNS like:
foo._domainkey.example.com. IN TXT ( "v=DKIM1; k=rsa; " "p=..." )
SPF: publish a policy record in the DNS:
example.com. IN TXT "v=spf1 ?all"
If your mail server is at, say, 198.51.100.42, you might improve odds of delivery by including it explicitly:
example.com. IN TXT "v=spf1 ip4:198.51.100.42 ?all"
(This one isn't new—you probably already had to do this a long time ago.)
DMARC: publish a policy record in the DNS:
_dmarc.example.com. IN TXT "v=DMARC1; p=none"
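An offline pre-flight check for the three records above, added here as an example and not part of the original article. It parses single-line zone-file TXT records, joins split strings, and reports missing or malformed DKIM, SPF and DMARC entries. The ZONE sample, the truncated p= value and the function names are constructed, and the terminal "all" check is a lint chosen for this example rather than an RFC requirement.

```python
import re

# Constructed sample zone lines, modelled on the records in this article.
ZONE = '''
foo._domainkey.example.com. IN TXT ( "v=DKIM1; k=rsa; " "p=MIIBIjANBgkq" )
example.com. IN TXT "v=spf1 ip4:198.51.100.42 ?all"
_dmarc.example.com. IN TXT "v=DMARC1; p=none; rua=mailto:postmaster@example.com"
'''

def txt_records(zone):
    """Map owner name -> list of TXT values, joining split "..." "..." strings."""
    out = {}
    for line in zone.splitlines():
        m = re.match(r'\s*(\S+)\s+IN\s+TXT\s+(.*)', line)
        if m:
            out.setdefault(m.group(1).rstrip('.').lower(), []).append(
                ''.join(re.findall(r'"([^"]*)"', m.group(2))))
    return out

def tags(value):
    """Parse a DKIM/DMARC 'tag=value; tag=value' list into a dict."""
    pairs = (item.split('=', 1) for item in value.split(';') if '=' in item)
    return {k.strip(): v.strip() for k, v in pairs}

def check(zone, domain, selector):
    """Return a list of problems; empty means all three records look sane."""
    recs, problems = txt_records(zone), []
    dkim = [tags(v) for v in recs.get(f'{selector}._domainkey.{domain}', [])]
    if not any(t.get('v') == 'DKIM1' and t.get('p') for t in dkim):
        problems.append('DKIM: no key record with a non-empty p=')
    spf = [v for v in recs.get(domain, []) if v.lower().split()[:1] == ['v=spf1']]
    if len(spf) != 1:  # more than one v=spf1 record is a permanent error for receivers
        problems.append(f'SPF: need exactly one v=spf1 record, found {len(spf)}')
    elif not re.fullmatch(r'[+?~-]?all', spf[0].split()[-1].lower()):
        problems.append('SPF: no terminal "all" mechanism (lint)')
    dmarc = [tags(v) for v in recs.get(f'_dmarc.{domain}', [])]
    dmarc = [t for t in dmarc if t.get('v') == 'DMARC1']
    if len(dmarc) != 1:
        problems.append(f'DMARC: need exactly one v=DMARC1 record, found {len(dmarc)}')
    elif dmarc[0].get('p') not in ('none', 'quarantine', 'reject'):
        problems.append('DMARC: p= must be none, quarantine or reject')
    return problems

if __name__ == '__main__':
    print(check(ZONE, 'example.com', 'foo') or 'all three records present')
```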
As a reward for all your hard work to implement this rigmarole, this will do absolutely nothing to reduce anyone's spam!
At best, you can tighten the SPF and DMARC policies to restrict phishing attempts made using your domain, but there are foot-guns. How can you use this to shoot yourself in the foot and make your mail undeliverable to Goohoo! users?
You can also inundate yourself with extra mail from your recipients by adding “rua=mailto:postmaster@example.com”, because who doesn't thirst for more mail?
Bonus: DKIM creates a leak incentive because the mail server cryptographically attests to every message you write, in signatures that anyone in the world can verify—even on private messages not meant for public consumption.
So you might want to rotate your DKIM keys and publish the old ones periodically.
Copyright © 2006–2024, Taylor R. Campbell.
Verbatim copying and distribution of this entire article are permitted worldwide, without royalty, in any medium, provided this notice, and the copyright notice, are preserved.