Git/email-toolbox-wiki
1
0
Fork 0
mirror of https://github.com/internetstandards/toolbox-wiki.git synced 2025-11-04 07:45:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

Updated DKIM how to (markdown)

Browse Source
This commit is contained in:
Dennis Baaten
2019-06-06 18:10:34 +02:00
parent bd608f118b
commit 3a20024a96
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
DKIM-how-to.md
View File

@@ -9,11 +9,13 @@ A common used technique used by spammers is to trick the receiving party into be
# Tips, tricks and notices for implementation # Tips, tricks and notices for implementation
* Use a DKIM key (RSA) of [at least 1024 bits](https://tools.ietf.org/html/rfc6376#section-3.3.3) to minimize the successrate of offline attacks. Don't go beyond a key size of 2048 bits since this is not mandatory according to the RFC. * Use a DKIM key (RSA) of [at least 1024 bits](https://tools.ietf.org/html/rfc6376#section-3.3.3) to minimize the successrate of offline attacks. Don't go beyond a key size of 2048 bits since this is not mandatory according to the RFC.
* Make you to change your DKIM keys regularly. A rotation scheme of 6 months is recommended. * Make sure you to change your DKIM keys regularly. A rotation scheme of 6 months is recommended.
* Parked domains should be explicitly configured to not use e-mail. For DKIM this is done with an empty policy: "v=DKIM1; p=". * Parked domains should be explicitly configured to not use e-mail. For DKIM this is done with an empty policy: "v=DKIM1; p=".
# Outbound e-mail traffic # Outbound e-mail traffic
DNS record DKIM for outbound e-mail traffic can be accomplished by publishing a DKIM policy as a TXT record in a domain name's DNS zone, and by configuring the e-mail server to sign outbound e-mails.
## Creating a DKIM policy
Signing in Postfix Signing in Postfix