author Guilhem Moulin <guilhem.moulin@fripost.org> 2014-07-14 05:55:12 +0200
committer Guilhem Moulin <guilhem.moulin@fripost.org> 2014-07-14 05:55:12 +0200
commit bf94d3f8014b0748cb77305c981602cf59699b55 (patch)
tree 350bdbf8b6a336614be399214709d65a61d39e0d
parent 8e7fada203466727a62f589f43f1325facb0f202 (diff)
Mention DKIM.
-rw-r--r-- e-post/doman.mdwn 34
1 files changed, 34 insertions, 0 deletions
diff --git a/e-post/doman.mdwn b/e-post/doman.mdwn
index 50e9b22..07e53da 100644
--- a/e-post/doman.mdwn
+++ b/e-post/doman.mdwn
@@ -98,3 +98,37 @@ way to discover what are the valid recipients under a given domain.)
Also, please don't forget the reserved addresses `postmaster@` and
`abuse@`, which have a special treatment and will bypass your catchall
address, see above.
+
+## Why are my outgoing emails signed with Fripost's DKIM key?
+
+When you're using our Mail Submission Agent (`smtp.fripost.org`, see our
+[wiki page](http://wiki.fripost.org/konfigurera/) on the subject) or our
+[webmail](https://mail.fripost.org) to send an email, you might have
+noticed a "DKIM-Signature" field in the mail header on the receiver side:
+
+ DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fripost.org; ...; s=20140703; ...
+
+This field was added just before your mail left Fripost's infrastructure. The
+selector and signing domain, respectively given by "s=" and "d=", provide a way
+for the receiver to fetch the public part of the key used to sign the message,
+as it can be found in the signing domain's DNS zone:
+
+ $ dig +short 20140703._domainkey.fripost.org TXT
+ "v=DKIM1\; k=rsa\; t=s\; s=email\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUIUVYm2WCwrXYd+cEIpKPSaxm5MxqFP3Ie7nAo+ZCLgt+oEPTuGA2dwqXAo04BeJERDKV5AGNusdn0EObjFApQZGtD7ROPrdtSMsQsOC2jDrk/FVIBWjk8NeXXA8eFHBLgB4WhByerrHYvCKO4wR5N6bT+y/QDWl868WM7ejEHwIDAQAB"
+
+Wikipedia has a [a nice overview](https://en.wikipedia.org/wiki/Dkim) on
+DKIM (DomainKeys Identified Mail).
+
+Your email is being signed with fripost.org's key whenever you use our
+machine to send it, regardless of the identity you used ("From:" header
+or enveloppe sender address), because Fripost is stamping your message
+the last time it sees it, just before throwing it in the wild, and can
+guaranty its integrity on your behalf.
+
+If you use your own domain for outgoing mail, note however that the
+fact that your messages are signed by Fripost's key and not your own
+might be emphasized by the receiver's mail client, for instance
+[GMail](https://support.google.com/mail/answer/1311182). This doesn't
+really disclose anything as our domain can be found in the mail header
+anyway, but if you prefer to have your own key drop us a line, will find
+something out.
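Review bot: In the paragraph beginning "Your email is being signed with fripost.org's key", the phrase "can guaranty its integrity on your behalf" should state what the signature actually covers. With d=fripost.org it shows that the message was not altered after Fripost signed it and that fripost.org handled it; it does not vouch for the "From:" identity, which matters because the same sentence says signing happens "regardless of the identity you used". Suggest rewording along those lines. Spelling and wording in the same hunk: "a [a nice overview]" has a doubled article, "enveloppe" should be "envelope", "guaranty" should be "guarantee", and "will find something out" is missing its subject (for example "we will work something out"). The wiki link uses http:// while the webmail link uses https://; switch the wiki link to https if the wiki serves it.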