Some thoughts on Domain Keys for SMTP


DomainKeys is Yahoo!'s proposal for a mail verification standard of sorts. Its goal is to let a receiving server tell whether the sending domain on a message was forged: the sending domain signs each outgoing message with a private key, and the receiver checks that signature against a public key the domain has published in DNS. Today's discussion will take a quick peek at the steps required to set it up. The diagram this describes can be found right here.

Set up: The domain owner (typically the team running the email systems within a company or service provider) generates a public/private key pair to use for signing all outgoing messages (multiple key pairs are allowed). The public key is published in DNS, and the private key is made available to their DomainKey-enabled outbound email servers.

Signing: When each email is sent by an authorized end-user within the domain, the DomainKey-enabled email system automatically uses the stored private key to generate a digital signature of the message. This signature is then pre-pended as a header to the email, and the email is sent on to the target recipient's mail server.
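The two steps above, worked through with the OpenSSL command line. This is an added example written for this page, not Yahoo!'s DomainKeys implementation or its reference code. It assumes a selector named mail2004, the domain example.com, a 2048-bit RSA key pair stored as dk.key and dk.pub in a scratch directory, and a constructed test message. The canonicalization is a simplification of the specification's "simple" method (it drops the DomainKey-Signature header, removes trailing blank lines and uses CRLF line ends, but does not handle folded headers or an h= header list). The last function plays the receiver using nothing but the text of the TXT record, so you can confirm the record you are about to publish actually matches the signing key.

```shell
#!/bin/sh
# Added example for this page, not Yahoo!'s DomainKeys code. Assumed names:
# selector "mail2004", domain "example.com", key files dk.key / dk.pub.
set -eu

SELECTOR=mail2004
DOMAIN=example.com

# Set up: one RSA key pair per selector. The private half stays on the
# outbound mail server; only the public half is published.
dk_keygen() {                 # $1 = directory that will hold the key files
    openssl genrsa -out "$1/dk.key" 2048 2>/dev/null
    openssl rsa -in "$1/dk.key" -pubout -out "$1/dk.pub" 2>/dev/null
}

# The TXT record to publish at <selector>._domainkey.<domain>:
# k=rsa names the key type, p= carries the base64 DER public key.
dk_dns_record() {             # $1 = key directory; prints one zone-file line
    p=$(openssl rsa -in "$1/dk.key" -pubout -outform DER 2>/dev/null | openssl base64 -A)
    printf '%s._domainkey.%s. IN TXT "k=rsa; p=%s"\n' "$SELECTOR" "$DOMAIN" "$p"
}

# Simplified "simple" canonicalization: drop any DomainKey-Signature header,
# strip CR, remove trailing empty lines, and terminate every line with CRLF.
# (Folded headers and the h= header list are not handled here.)
dk_canon() {
    grep -v '^DomainKey-Signature:' | awk '
        { sub(/\r$/, ""); line[NR] = $0 }
        END { n = NR; while (n > 0 && line[n] == "") n--
              for (i = 1; i <= n; i++) printf "%s\r\n", line[i] }'
}

# Signing: RSA-SHA1 over the canonical message, base64 in b=, and the
# DomainKey-Signature header prepended to the otherwise unchanged message.
dk_sign() {                   # $1 = key directory; message on stdin
    msg=$(cat; printf x); msg=${msg%x}        # keep trailing newlines
    b=$(printf '%s' "$msg" | dk_canon \
        | openssl dgst -sha1 -sign "$1/dk.key" | openssl base64 -A)
    printf 'DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s=%s; d=%s; b=%s\n' \
        "$SELECTOR" "$DOMAIN" "$b"
    printf '%s' "$msg"
}

# Pre-flight check from the receiver's point of view: rebuild the public key
# from the text of the TXT record alone and verify the signature with it.
# Exit status 0 means the published record matches the signing key.
dk_verify() {                 # $1 = file holding the TXT record; message on stdin
    tmp=$(mktemp -d)
    sed -n 's/.*; p=\([^"]*\)".*/\1/p' "$1" | openssl base64 -d -A \
        | openssl rsa -pubin -inform DER -out "$tmp/pub.pem" 2>/dev/null
    msg=$(cat; printf x); msg=${msg%x}
    printf '%s' "$msg" | sed -n 's/^DomainKey-Signature:.*; b=\([^; ]*\).*/\1/p' \
        | openssl base64 -d -A > "$tmp/sig.bin"
    if printf '%s' "$msg" | dk_canon \
        | openssl dgst -sha1 -verify "$tmp/pub.pem" -signature "$tmp/sig.bin" >/dev/null 2>&1
    then rc=0; else rc=1; fi
    rm -rf "$tmp"
    return $rc
}

# Stand-alone run with a constructed message.
demo() {
    d=$(mktemp -d)
    dk_keygen "$d"
    dk_dns_record "$d" | tee "$d/record.txt"
    printf 'From: alice@example.com\nTo: bob@example.net\nSubject: test\n\nHello Bob.\n' \
        | dk_sign "$d" > "$d/signed.txt"
    head -1 "$d/signed.txt"
    if dk_verify "$d/record.txt" < "$d/signed.txt"; then echo verified; else echo FAILED; fi
    rm -rf "$d"
}
demo
```

Two things to watch when you move from the scratch directory to a real zone. The p= value for a 2048-bit key runs to roughly 390 characters, longer than the 255-byte limit on a single DNS character-string, so most zone files need it split into two or more quoted strings inside the same record. And once the record is live, check it the way a receiver will rather than trusting the file you edited: `dig +short TXT mail2004._domainkey.example.com` should return the same p= value that dk_dns_record printed.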

So if we follow this, you, as the faithful email administrator, must generate the key pair, install the private key on your outbound servers, and get the public key published in DNS for the receiving servers to work with. If you use a service provider for outbound email, expect a longer delay, or no support at all, in getting this implemented: their servers have to do the signing, but the record has to live in your zone.

I do like the idea of multiple keys for numerous domains. Of course there could be management issues if DNS is not handled properly or no good tools are in place. I cannot see handling this with text files and FTP. A good management console would be a bonus.

Then, on the receiving side, your mail server must be able to go out and fetch the key for verification. How many of you block servers from making outbound calls? (The lookup is an ordinary DNS TXT query, so a server that can already resolve MX records can make it; one that is cut off from DNS entirely cannot.) Each lookup has to reach the authoritative DNS servers for the sending domain, so a simple static list of keys does not work. Your resolver will get referred all over the place, just as it is now for web address lookups when browsing.

Tomorrow let's talk about the receiving side and put all this together.