[kwlug-disc] Anyone know how to set up DNSSEC?

Jonathan D. Poole jpoole at digitaljedi.ca
Thu Feb 6 08:13:47 EST 2014


FWIW, 

Gmail gives you a nice 'mailed-by' and 'signed-by' header for the mere
simplicity of the "Hrmm, I got a message, is it legit?" questions that arise
when determining messages as spam/bulk/etc.

DMARC Analyzer (www.dmarcanalyzer.com) can give you a fairly good outlook of
how your 'alignment' sits with use of your DKIM, SPF, DMARC setup.

Experimental as it may be, to protect your domain from unauthorized
forgery/phishing from external sources and ensuring emails that you do send
are legitimate, it makes sense to do it.


-----Original Message-----
From: kwlug-disc [mailto:kwlug-disc-bounces at kwlug.org] On Behalf Of Bob
Jonkman
Sent: Thursday, February 06, 2014 3:53 AM
To: KWLUG discussion
Subject: Re: [kwlug-disc] Anyone know how to set up DNSSEC?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

DKIM (RFC 6376 or STD 76) is still optional for SMTP mail delivery, and SPF
(RFC 4408) is still considered an experimental protocol.
Rejecting a message based on failure (or absence) of SPF is overly
aggressive, and contrary to DKIM ("signature verification failure does not
force rejection of the message"). At best, a message's (lack of) conformance
to DKIM and SPF could be used as a weighting factor to determine its
spamminess.

There's no benefit to you to sign your outgoing messages, at least until
servers start rejecting messages (which makes them non-conformant to
standards). Of course, there is the network effect that if everyone does
DKIM/SPF then the world will be a better place.

The only time my mail server has ever received a delivery failure
notification for not having DKIM or SPF entries was when I tried to
subscribe to the GNUsocial mailing list. Of course, I don't know how many
mail servers are silently dropping my non-DKIM/SPF messages, but that's
contrary to standards too.

TL;DR: Don't worry about it.

- --Bob.

https://tools.ietf.org/html/rfc6376

https://tools.ietf.org/html/rfc4408




On 14-02-06 02:53 AM, Chamunks Arkturus wrote:
> I'm sorry to have misled. I'm fairly comfortable with the command line,
> I just use Ubuntu Server 12.04x LTS for my main distro.  I definitely
> don't have the regex capabilities or understanding that most of the
> guys here were raised up through.  Granted I do like GUIs in some
> sense that it helps me wrap my head around some concepts like I'm
> attempting to wrap my head around using LDAP via phpLDAPAdmin BUT this
> is not the thread for this.  So before I derail my own thread.  Is
> there more information that I should hear about this situation?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Ensure confidentiality, authenticity, non-repudiability

iEYEARECAAYFAlLzTXoACgkQuRKJsNLM5ergmwCgki1frovhgo19qTDYIU9+ZzLz
B9kAoN0eoWTBKEG7kjosYtCBb5uzxIyx
=Y9/1
-----END PGP SIGNATURE-----


_______________________________________________
kwlug-disc mailing list
kwlug-disc at kwlug.org
http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
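
The "weighting factor" approach from the quoted message, combined with the alignment idea from the reply, as an added example that is not part of either post: it reads SPF and DKIM verdicts from an Authentication-Results header and turns them into a score adjustment instead of a reject decision. The weights, function names and sample headers are hypothetical, and the alignment check is a simplification of what DMARC does.

```python
import re

# Hypothetical score adjustments (assumption: higher = more spam-like).
WEIGHTS = {"pass_aligned": -1.0, "pass_unaligned": 0.0, "none": 0.5, "fail": 2.0}

# Constructed sample headers (values after "Authentication-Results:").
SAMPLE_OK = ("mx.example.net; spf=pass smtp.mailfrom=bounce@lists.example.org;"
             " dkim=pass header.d=example.org")
SAMPLE_FORGED = "mx.example.net; spf=fail smtp.mailfrom=example.org; dkim=none"
SAMPLE_UNSIGNED = "mx.example.net; none"

def parse_auth_results(header):
    """Return {method: (result, domain)}; a later duplicate method overwrites."""
    found = {}
    for clause in header.split(";")[1:]:      # first part is the authserv-id
        m = re.match(r"\s*(spf|dkim)=(\w+)", clause)
        if not m:
            continue
        # SPF checks the envelope sender, DKIM the signature's d= domain.
        prop = "smtp.mailfrom" if m.group(1) == "spf" else "header.d"
        d = re.search(re.escape(prop) + r"=(\S+)", clause)
        domain = d.group(1).rsplit("@", 1)[-1].lower() if d else ""
        found[m.group(1)] = (m.group(2).lower(), domain)
    return found

def aligned(auth_domain, from_domain):
    """Simplified alignment: identical, or a subdomain of the From: domain.
    Real DMARC relaxed mode compares organizational domains (public suffix list)."""
    a, f = auth_domain.lower(), from_domain.lower()
    return bool(a) and (a == f or a.endswith("." + f))

def score(header, from_domain):
    """Sum per-method weights; the result feeds a spam score, never a reject."""
    results = parse_auth_results(header)
    total = 0.0
    for method in ("spf", "dkim"):
        result, domain = results.get(method, ("none", ""))
        if result == "pass":
            key = "pass_aligned" if aligned(domain, from_domain) else "pass_unaligned"
        elif result in ("fail", "softfail"):
            key = "fail"
        else:                                 # none, neutral, temperror, permerror
            key = "none"
        total += WEIGHTS[key]
    return total

if __name__ == "__main__":
    for name, hdr in [("ok", SAMPLE_OK), ("forged", SAMPLE_FORGED),
                      ("unsigned", SAMPLE_UNSIGNED)]:
        print(name, score(hdr, "example.org"))
```

A message with no SPF or DKIM at all only picks up a small penalty here, which matches the point that absence alone should not cause rejection.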





