mirror of
https://github.com/internetstandards/toolbox-wiki.git
synced 2024-11-22 02:51:36 +01:00
Updated DKIM how to (markdown)
This commit is contained in:
parent
bd608f118b
commit
3a20024a96
@ -9,11 +9,13 @@ A common used technique used by spammers is to trick the receiving party into be
|
|||||||
|
|
||||||
# Tips, tricks and notices for implementation
|
# Tips, tricks and notices for implementation
|
||||||
* Use a DKIM key (RSA) of [at least 1024 bits](https://tools.ietf.org/html/rfc6376#section-3.3.3) to minimize the successrate of offline attacks. Don't go beyond a key size of 2048 bits since this is not mandatory according to the RFC.
|
* Use a DKIM key (RSA) of [at least 1024 bits](https://tools.ietf.org/html/rfc6376#section-3.3.3) to minimize the successrate of offline attacks. Don't go beyond a key size of 2048 bits since this is not mandatory according to the RFC.
|
||||||
* Make you to change your DKIM keys regularly. A rotation scheme of 6 months is recommended.
|
* Make sure you to change your DKIM keys regularly. A rotation scheme of 6 months is recommended.
|
||||||
* Parked domains should be explicitly configured to not use e-mail. For DKIM this is done with an empty policy: "v=DKIM1; p=".
|
* Parked domains should be explicitly configured to not use e-mail. For DKIM this is done with an empty policy: "v=DKIM1; p=".
|
||||||
|
|
||||||
# Outbound e-mail traffic
|
# Outbound e-mail traffic
|
||||||
DNS record
|
DKIM for outbound e-mail traffic can be accomplished by publishing a DKIM policy as a TXT record in a domain name's DNS zone, and by configuring the e-mail server to sign outbound e-mails.
|
||||||
|
|
||||||
|
## Creating a DKIM policy
|
||||||
|
|
||||||
Signing in Postfix
|
Signing in Postfix
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user