From bf94d3f8014b0748cb77305c981602cf59699b55 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 14 Jul 2014 05:55:12 +0200 Subject: Mention DKIM. --- e-post/doman.mdwn | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/e-post/doman.mdwn b/e-post/doman.mdwn index 50e9b22..07e53da 100644 --- a/e-post/doman.mdwn +++ b/e-post/doman.mdwn 
@@ -98,3 +98,37 @@ way to discover what are the valid recipients under a given domain.) Also, please don't forget the reserved addresses `postmaster@` and `abuse@`, which have a special treatment and will bypass your catchall address, see above. + +## Why are my outgoing emails signed with Fripost's DKIM key? + +When you're using our Mail Submission Agent (`smtp.fripost.org`, see our +[wiki page](http://wiki.fripost.org/konfigurera/) on the subject) or our +[webmail](https://mail.fripost.org) to send an email, you might have +noticed a "DKIM-Signature" field in the mail header on the receiver side: + + DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fripost.org; ...; s=20140703; ... + +This field was added just before your mail left Fripost's infrastructure. The +selector and signing domain, respectively given by "s=" and "d=", provide a way +for the receiver to fetch the public part of the key used to sign the message, +as it can be found in the signing domain's DNS zone: + + $ dig +short 20140703._domainkey.fripost.org TXT + "v=DKIM1\; k=rsa\; t=s\; s=email\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUIUVYm2WCwrXYd+cEIpKPSaxm5MxqFP3Ie7nAo+ZCLgt+oEPTuGA2dwqXAo04BeJERDKV5AGNusdn0EObjFApQZGtD7ROPrdtSMsQsOC2jDrk/FVIBWjk8NeXXA8eFHBLgB4WhByerrHYvCKO4wR5N6bT+y/QDWl868WM7ejEHwIDAQAB" + +Wikipedia has a [a nice overview](https://en.wikipedia.org/wiki/Dkim) on +DKIM (DomainKeys Identified Mail). + +Your email is being signed with fripost.org's key whenever you use our +machine to send it, regardless of the identity you used ("From:" header +or enveloppe sender address), because Fripost is stamping your message +the last time it sees it, just before throwing it in the wild, and can +guaranty its integrity on your behalf. 
+ +If you use your own domain for outgoing mail, note however that the +fact that your messages are signed by Fripost's key and not your own +might be emphasized by the receiver's mail client, for instance +[GMail](https://support.google.com/mail/answer/1311182). This doesn't +really disclose anything as our domain can be found in the mail header +anyway, but if you prefer to have your own key drop us a line, will find +something out. -- cgit v1.2.3
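Review bot: The `dig` example in the new section hard-codes the selector `20140703` together with the full `p=` value, so the page will show a stale key as soon as the DKIM key is rotated. Consider eliding the key with `...`, as the `DKIM-Signature:` example just above it already does, and saying that the selector shown is the one in use at the time of writing. Wording in the added text also needs a pass: "Wikipedia has a [a nice overview]" doubles the article, "enveloppe" should be "envelope", "guaranty" should be "guarantee", and the last sentence ("drop us a line, will find something out") is missing its subject, for example "drop us a line and we'll work something out". The wiki link uses `http://` while the webmail link uses `https://`; use `https://` for both if the wiki serves it.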