Update DKIM-how-to.md

This commit is contained in:
Dennis Baaten 2019-08-30 19:07:48 +02:00 committed by GitHub
parent dee0514bca
commit 6624966d70
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -26,7 +26,7 @@ A common used technique used by spammers is to trick the receiving party into be
# Tips, tricks and notices for implementation # Tips, tricks and notices for implementation
* Use a DKIM key (RSA) of [at least 1024 bits](https://tools.ietf.org/html/rfc6376#section-3.3.3) to minimize the successrate of offline attacks. Don't go beyond a key size of 2048 bits since this is not mandatory according to the RFC. * Use a DKIM key (RSA) of [at least 1024 bits](https://tools.ietf.org/html/rfc6376#section-3.3.3) to minimize the successrate of offline attacks. Don't go beyond a key size of 2048 bits since this is not mandatory according to the RFC.
* Make sure you to change your DKIM keys regularly. A rotation scheme of 6 months is recommended. * Make sure you to change your DKIM keys regularly. A rotation scheme of 6 months is recommended.
* Parked domains should be explicitly configured to not use e-mail. For DKIM this is done with an empty policy: "v=DKIM1; p=". * It is generally recommended to explicitly configure parked domains to not use e-mail. For DKIM this is done with an empty policy: "v=DKIM1; p=".
# Implementing DKIM with OpenDKIM for Postfix with SpamAssassin # Implementing DKIM with OpenDKIM for Postfix with SpamAssassin
**Specifics for this setup** **Specifics for this setup**