From 1b7c51f48e7482aae65e4d555baa93baeb9abea5 Mon Sep 17 00:00:00 2001 From: Dennis Baaten Date: Wed, 27 May 2020 11:36:18 +0200 Subject: [PATCH] parked domain update --- DKIM-how-to.md | 2 +- parked-domain-how-to.md | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/DKIM-how-to.md b/DKIM-how-to.md index e707b7a..23952da 100644 --- a/DKIM-how-to.md +++ b/DKIM-how-to.md 
@@ -35,7 +35,7 @@ A common used technique used by spammers is to trick the receiving party into be * If a domain is not using e-mail (anymore), it is recommended to set an empty public key: "v=DKIM1; p=". * When used with a specific selector, an empty public key means that e-mail signed with the associated public key must be considered unreliable since they public key was revoked. * When used with a wildcard selector, setting an empty public key indicates that all previously used keys are revoked and must be considered unreliable. The owner of a domain can also use this to explicitly signal that a domain is not configured to use e-mail. - * [According to the RFC](https://tools.ietf.org/html/rfc6376#section-6.1.2) the absence of a selector / public key (e.g. as a result of deleting the entire DKIM resource record) is semantically equal to a resource record with an empty public key. + * [According to the RFC](https://tools.ietf.org/html/rfc6376#section-6.1.2) the absence of a selector / public key (e.g. as a result of deleting the entire DKIM resource record) is semantically equal to a resource record with an empty public key. This means that both approaches should be treated similar by the receiving mail server. ## Canonicalization As mentioned in [RFC 6376 section 3.4](https://tools.ietf.org/html/rfc6376#section-3.4) some mail systems modify e-mail in transit. This type of modification is called canonicalization and is generally used to make things comparable before presenting the email to the signing or verification algorithm. You can imagine that this is important when signing and validating an e-mail; if things change too much this can invalidate a DKIM signature, which also impacts DMARC. diff --git a/parked-domain-how-to.md b/parked-domain-how-to.md index eaa5ab5..76fd0b2 100644 --- a/parked-domain-how-to.md +++ b/parked-domain-how-to.md 
@@ -29,7 +29,9 @@ Set DMARC policy to reject mails, but allow reporting to take place. This helps `_dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:rua@example.nl; ruf=mailto:ruf@example.nl` ## DKIM -When used with a wildcard selector, setting an empty public key indicates that all previously used keys are revoked and must be considered unreliable. The owner of a domain can also use this to explicitly signal that a domain is not configured to use e-mail. See our [DKIM how-to](https://github.com/internetstandards/toolbox-wiki/blob/master/DKIM-how-to.md) for more information. +When using a wildcard selector to set an empty public key, you indicate that all previously used keys are revoked and must be considered unreliable. You can also use this to explicitly signal that a domain is not configured to use e-mail. However, [according to the RFC](https://tools.ietf.org/html/rfc6376#section-6.1.2) the absence of a selector / public key (e.g. as a result of deleting the entire DKIM resource record) is semantically equal to a resource record with an empty public key. This means that both approaches should be treated similar by the receiving mail server. + + This See our [DKIM how-to](https://github.com/internetstandards/toolbox-wiki/blob/master/DKIM-how-to.md) for more information. `*._domainkey IN TXT "v=DKIM1; p="`
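Review bot: In the DKIM-how-to.md hunk, the added sentence "This means that both approaches should be treated similar by the receiving mail server" is weaker than the statement it follows. The same bullet has just said the two cases are "semantically equal", so "treated similar" should read "treated the same way" (or at minimum "similarly"). The bullets above still recommend publishing `v=DKIM1; p=`, so it would help to add whether the empty key gives the domain owner anything over having no record at all; as written the reader has to infer that. While this list is being touched, the unchanged bullet above has "since they public key was revoked", which should be "the public key".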
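Review bot: The last added line of the parked-domain-how-to.md hunk starts with a stray "This" ("This See our [DKIM how-to]..."), apparently left over from an unfinished sentence; drop the word or finish the sentence. The new paragraph also turns on "However, ..." and ends with "both approaches should be treated similar" without a recommendation, while the example record `*._domainkey IN TXT "v=DKIM1; p="` stays in place below it. State explicitly whether publishing the wildcard record is still the advised setup for a parked domain or is optional, and change "similar" to "the same way". The RFC sentence is a verbatim copy of the one added to DKIM-how-to.md, so the existing link to that how-to could carry it instead. Separately, the DMARC record in the unchanged context is missing its closing double quote after `ruf=mailto:ruf@example.nl`.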