Implementing domainlkeys signature

Kob · Post by **Kob** » 2005-10-01 13:20

No rush, but it may be a good idea to try to implement Yahoo's domainkeys system to combat spam. I see that gmail has implemented this too.

See the details in:

http://antispam.yahoo.com/domainkeys
and in
http://domainkeys.sourceforge.net/

cmurphy54 · Post by **cmurphy54** » 2005-10-01 19:36

Duplicate request of this one here:

http://www.hmailserver.com/forum/viewto ... domainkeys

Although that one doesn't have the two question poll interface.

Post by **martin** » 2005-10-01 20:50

I removed the other one..

iprat · Post by **iprat** » 2005-10-02 01:28

DK seems to have evolved to "DomainKeys Identified Mail (DKIM)", wich provides tools to fight spam and pishing even better than DK.

I think that if Martin decides to implement DK, should try to do the work only once and support DK and DKIM (in fact I think DK is a subset of DKIM functions).

Best regards,

Info:
http://mipassoc.org/dkim/
http://www.ietf.org/internet-drafts/dra ... ase-00.txt
http://files.altn.com/MDaemon/White_Pap ... Daemon.pdf

Ignasi

CraigHarris · Post by **CraigHarris** » 2005-12-16 13:49

Is this going to be implemented both for checking incoming mail & for signing outgoing mail?
This would be a really nice feature to have, and the existing free libraries seem to implement everything.

iprat · Post by **iprat** » 2005-12-16 14:00

Hope so ! But I think it's poll ranking and Martin's decision.

Anyway Martin seems to be very interested in impementing spam fighting tools for 4.3, maybe will give some extra points to spam fighting related feature requests.... but anyway it's Martin who's gona have to make it so he'll decide

Slug · Post by **Slug** » 2006-04-19 18:10

bump

ajw · Post by **ajw** » 2006-05-07 23:59

Just came here to vote 'yes' - the voting buttons aren't there any more. (uh, at least for me :)

Was that because it's being implemented in 4.3 or after?

My ISP (cablemodem - Comcast) doesn't support SPF on their server and since I send via their server when at home, I can't use SPF for my domain. Haven't looked at Domain keys yet (nor DKIM at all...) so I don't know if I can use that, but I'd sure like both SPF and DK/DKIM in hMailServer!

- Al Weiner -

ajw · Post by **ajw** » 2006-05-08 00:01

oh, now *that's* funny!?!? After posting the above, the voting buttons are there, and the results aren't! Ok, so I'm voting yes...

- Al -

westdam · Post by **westdam** » 2006-10-27 18:10

yes.l
also sender id will be interesting..

brashquido · Post by **brashquido** » 2007-03-14 14:55

Voted yes

ulas · Post by **ulas** » 2007-04-09 12:59

now , hotmail and yahoo generally dont accept mails if you dont have domainkeys or SPF records. If you have necessary records , reverse DNS and domainkey , they accept your mail to inboxs. If martin implements the function, it will give more freedom to send e-mails to hotmail,yahoo and etc.

Post by **martin** » 2007-04-09 13:12

> hotmail and yahoo generally dont accept mails if you dont
> have domainkeys

Where can I read more about that? I don't have domainkeys for my domain, but have no problems sending email to Hotmail or Yahoo.

iprat · Post by **iprat** » 2007-04-10 10:47

Hi Martin, are you asking for more info about DKIM ? Weren't the links supplied at the beginning of this thread enough ? maybe you are asking for more info about Hotmail incompatibility problems (which I don't know anything about) ?

Post by **martin** » 2007-04-10 12:15

I was wondering about the Hotmail incompatibility problems since I've never had problems with it myself which I've been able to safely relate to DKIM.

iprat · Post by **iprat** » 2007-04-10 12:29

I don't use SPF (still have no control over my DNS's, to be changed in the next weeks) nor DKIM, and I'm able to send to hotmail, so there must be something else for hotmail to block your emails.

brashquido · Post by **brashquido** » 2007-04-12 14:00

DKIM won't help you for sending to Hotmail. They use SenderID and their own SmartScreen technology. Funny thing is that SenderID was canned by ITEF, yet Microsoft pushed on even though the PRA element of SenderID (which was developed by Microsoft themselves as I understand it) was fundamentally flawed as it is incompatible with SPF. If you have an SPF policy in place, then it is very likely that this could be the very cause of why you can't send to Hotmail. Your SPF policy might well be ok, but what you'll need to do is set up a specific PRA policy in addition to your SPF policy. Confused yet?

I did this a month or so ago and email from my domain are now starting to filter through to Hotmail accounts, although it is still hit and miss.

Pieter · Post by **Pieter** » 2007-05-23 15:50

DomainKeys is now officially a proposed standard by the IETF (SenderID still is not!):
http://news.com.com/Promising%20antispa ... l?part=rss

iprat · Post by **iprat** » 2007-05-23 16:47

Good to know !

Although I think there's no plans to include it in V5, seems there's a look of work with Unicode and the former feature requests:

Shared folders when using IMAP (93 votes) Under development
SSL server support (92 votes) Under development
SpamAssasin Integration (66 votes) No info at this moment
Implementing domainlkeys signature (46 votes) No info at this moment but we can expect at least that the previous one must be done before this.

Anyway I'm sure sooner or later this will be implemented in hMailServer.

atifdarr · Post by **atifdarr** » 2007-06-06 17:10

Any clues on how you are feeling about adding this feature?

Frater · Post by **Frater** » 2007-12-18 12:10

I have voted yes for this would like this feature as well

krellkraver · Post by **krellkraver** » 2008-01-15 03:34

This would be a great feature in an open-source Windows MTA.

richardhardatwork · Post by **richardhardatwork** » 2008-02-18 18:48

I voted yes to this feature, I have hmail as my email software and the only thing missing for my email validation is Implementing domainlkeys signature

Does anybody know how long it will be untill this feature is added?

brunnels · Post by **brunnels** » 2008-02-19 17:31

A lot of push on this subject. Anyone see this?

http://www.networkworld.com/news/2008/0 ... ising.html

I vote yes to implement RFC 4871 DKIM

GravitySpec · Post by **GravitySpec** » 2008-05-20 02:56

Is this going to be implemented soon? I'm running a Drupal site on my own dedicated server running hMailServer but a lot of my mails from Drupal are getting rejected as spam (namely new registration e-mails). In the message headers in Yahoo it says neutral DomainKeys (no sig). I'm also seeing my messages being blocked by MSN and Google, even though SPF is fine and shows that it is authenticating correctly. Seems DKIM is becoming the new measuring stick.

mdwait · Post by **mdwait** » 2008-06-11 19:39

Is this in the 5.0 Ver?..... We need it to handle Yahoo
They move a great deal of email to the "SPAM" bucket - because we don't have the domain keys.

Post by **martin** » 2008-06-11 21:36

No, probably in 5.1. I think it's already possible to set up a script to accomplish it though:
http://www.hmailserver.com/forum/viewto ... f=7&t=3797

birendersinghbudhwar · Post by **birendersinghbudhwar** » 2008-08-06 09:28

Its all about the smtp host name and Ip address, then you can send and recive emails from any were no one can block your emails.

How...?

first think is that you have to give your smtp a valid host name, whose ip address is same as your smtp server, and your IP shount not be listed in any SPAM blacklisted.

If the above given condition is matched then no one can block your emails from your mail server. one more think is that you need to set your Ip address reverse lookup to your domain name some of the IP address have this format....

xx.xx.xx.xx.xyz.net.nz so all ip series have this xyz.net.nz is attached if one of that IP is listed then all the series which contains this domain xyz.net.nz attached all are got blacklisted.

so this is the mails problem now days ISP's are doing they add their domain name in their Ip ranges so a end users cant use that IP for commercial use like hosting etc.... you need a IP address which dont have domain name format in your Ip range you can check your IP address name format in http://www.ip-adress.com/ipaddresstolocation/

Birender

JohnnyW · Post by **JohnnyW** » 2008-09-17 17:43

Hotmail doesn't use DKIM or Domain Keys... but Yahoo does! Unfortunately Yahoo uses Domain Keys but NOT DKIM - so you need to implement both.

Post by **martin** » 2008-12-13 00:12

JohnnyW wrote:Hotmail doesn't use DKIM or Domain Keys... but Yahoo does! Unfortunately Yahoo uses Domain Keys but NOT DKIM - so you need to implement both.

Why would I implement an obsolete technology just because Yahoo use it? Yahoo has participated in creating the new standard and also participated in marking the old standard, Domain Keys, as obsolete. DomainKeys Identified Mail will be implemented, Domain Keys will not.

Post by **martin** » 2008-12-16 15:53

Anyone here who has used Domain keys before?

I'm thinking of which options to make configurable, so if anyone has any opinions....

Signing

In every domain

Enable DKIM
Private key file (location)
Selector string

Verification

Server-wide setting

Enable DKIM
Score

The remaining settings will be hard-coded. For example, hMailServer will use rsa-sha256 signing, and always the relaxed canonicalization algorithm.

The tagging will be made just before hMailServer starts to deliver the messages (after the global rules have been run but before the actual delivery is made).

Post by **martin** » 2009-02-03 13:58

Moving to archive since it's included in 5.1.