path: root/tracker/Publish_the_DKIM_public_key_to_the_DNS_zone.mdwn
blob: 7c564aeb6e05d5a492d3dfabb88e7d5df5fce88a (plain)
So anyone receiving an e-mail from `fripost.org`'s outgoing SMTP server
(possibly indirectly) can decide whether it's legit or tampered with.

The DKIM public key should be added to `fripost.org`'s DNS zone as a TXT
record, as follows:

    20140112._domainkey.fripost.org. 86400 IN TXT "v=DKIM1\; k=rsa\; p=…"

Having one sub-domain per key (here `20140112`, the date on which the key
was generated) is what Google does; it is a clever way to allow multiple
keys, which is useful for a smooth transition to a stronger key, for
instance.
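
As an added example, not part of the original page or of Fripost's own tooling: the Python below builds the TXT line shown above from a PEM public key, splitting the value into quoted strings of at most 255 bytes (the limit of a single DNS character-string, which a 2048-bit RSA key exceeds), and parses it back by concatenating the strings as a verifier does. The function names and `SAMPLE_PEM`, a constructed placeholder rather than a real key, are assumptions.

```python
import base64
import re

MAX_TXT_STRING = 255  # one DNS <character-string> carries at most 255 bytes

# Constructed stand-in with the length of a 2048-bit RSA public key
# (294 bytes of DER). It is NOT a real key.
SAMPLE_PEM = (
    "-----BEGIN PUBLIC KEY-----\n"
    + base64.encodebytes(bytes(range(256)) + bytes(38)).decode()
    + "-----END PUBLIC KEY-----\n"
)


def pem_to_p(pem):
    """Return the base64 body of a PEM public key, as used in the p= tag."""
    body = "".join(
        line.strip() for line in pem.splitlines()
        if line.strip() and not line.startswith("-----")
    )
    base64.b64decode(body, validate=True)  # reject anything that is not base64
    return body


def dkim_txt_record(selector, domain, p, ttl=86400):
    """Build the zone-file line, splitting the value into <=255-byte strings."""
    value = f"v=DKIM1; k=rsa; p={p}"
    chunks = [value[i:i + MAX_TXT_STRING]
              for i in range(0, len(value), MAX_TXT_STRING)]
    # Escape ';' the same way the record on this page does.
    quoted = " ".join('"' + c.replace(";", "\\;") + '"' for c in chunks)
    return f"{selector}._domainkey.{domain}. {ttl} IN TXT {quoted}"


def parse_txt_record(line):
    """Unescape and concatenate the quoted strings, then split into tags."""
    raw = re.findall(r'"((?:[^"\\]|\\.)*)"', line)
    strings = [re.sub(r"\\(.)", r"\1", s) for s in raw]
    value = "".join(strings)  # concatenated with no whitespace in between
    tags = dict(t.strip().split("=", 1) for t in value.split(";") if t.strip())
    return strings, tags


if __name__ == "__main__":
    print(dkim_txt_record("20140112", "fripost.org", pem_to_p(SAMPLE_PEM)))
```
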

See RFCs [6376](https://tools.ietf.org/html/rfc6376) and
[7001](https://tools.ietf.org/html/rfc7001) for reference. The
[Wikipedia page](https://en.wikipedia.org/wiki/Dkim) might be another
good read.