author | Guilhem Moulin <guilhem.moulin@fripost.org> | 2014-07-14 05:55:12 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem.moulin@fripost.org> | 2014-07-14 05:55:12 +0200 |
commit | bf94d3f8014b0748cb77305c981602cf59699b55 (patch) | |
tree | 350bdbf8b6a336614be399214709d65a61d39e0d | |
parent | 8e7fada203466727a62f589f43f1325facb0f202 (diff) |
Mention DKIM.
-rw-r--r-- | e-post/doman.mdwn | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/e-post/doman.mdwn b/e-post/doman.mdwn index 50e9b22..07e53da 100644 --- a/e-post/doman.mdwn +++ b/e-post/doman.mdwn 
@@ -98,3 +98,37 @@ way to discover what are the valid recipients under a given domain.) Also, please don't forget the reserved addresses `postmaster@` and `abuse@`, which have a special treatment and will bypass your catchall address, see above. + +## Why are my outgoing emails signed with Fripost's DKIM key? + +When you're using our Mail Submission Agent (`smtp.fripost.org`, see our +[wiki page](http://wiki.fripost.org/konfigurera/) on the subject) or our +[webmail](https://mail.fripost.org) to send an email, you might have +noticed a "DKIM-Signature" field in the mail header on the receiver side: + + DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fripost.org; ...; s=20140703; ... + +This field was added just before your mail left Fripost's infrastructure. The +selector and signing domain, respectively given by "s=" and "d=", provide a way +for the receiver to fetch the public part of the key used to sign the message, +as it can be found in the signing domain's DNS zone: + + $ dig +short 20140703._domainkey.fripost.org TXT + "v=DKIM1\; k=rsa\; t=s\; s=email\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUIUVYm2WCwrXYd+cEIpKPSaxm5MxqFP3Ie7nAo+ZCLgt+oEPTuGA2dwqXAo04BeJERDKV5AGNusdn0EObjFApQZGtD7ROPrdtSMsQsOC2jDrk/FVIBWjk8NeXXA8eFHBLgB4WhByerrHYvCKO4wR5N6bT+y/QDWl868WM7ejEHwIDAQAB" + +Wikipedia has a [a nice overview](https://en.wikipedia.org/wiki/Dkim) on +DKIM (DomainKeys Identified Mail). + +Your email is being signed with fripost.org's key whenever you use our +machine to send it, regardless of the identity you used ("From:" header +or enveloppe sender address), because Fripost is stamping your message +the last time it sees it, just before throwing it in the wild, and can +guaranty its integrity on your behalf. 
+ +If you use your own domain for outgoing mail, note however that the +fact that your messages are signed by Fripost's key and not your own +might be emphasized by the receiver's mail client, for instance +[GMail](https://support.google.com/mail/answer/1311182). This doesn't +really disclose anything as our domain can be found in the mail header +anyway, but if you prefer to have your own key drop us a line, will find +something out. |
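Review bot: In the paragraph starting "Your email is being signed with fripost.org's key", the claim that Fripost "can guaranty its integrity on your behalf" should say what the signature actually covers. With d=fripost.org it tells the receiver that the signed headers and body have not changed since the message left Fripost's servers, not that the "From:" address is genuine, and that distinction is what the own-domain paragraph that follows depends on. Wording fixes in the same hunk: "a [a nice overview]" repeats the article, "enveloppe" should be "envelope", "guaranty" should be "guarantee", and "will find something out" is missing its subject (for example "we'll work something out"). The dig example also pastes the full p= value for selector 20140703; since the selector looks date-based, consider eliding the key with "..." as the DKIM-Signature example already does, so the page does not go stale when the key is rotated.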