turning on DKIM verification for the email lists
Derek Atkins
warlord at MIT.EDU
Mon Dec 9 09:04:38 EST 2013
John Ralls <jralls at ceridwen.us> writes:
> On Dec 6, 2013, at 7:32 AM, Derek Atkins <warlord at MIT.EDU> wrote:
>
>> Hey, all,
>>
>> I just wanted to let people know that I'm considering turning up the
>> DKIM validation knob on incoming mail to the gnucash server. In
>> particular I plan to have the mail server discard mail that fails DKIM
>> signature validation, and I'm debating turning on ADSPDiscard, although
>> if I do this I probably need to get it to ignore local mail.
>>
>> This is after a conversion I had yesterday with an admin at apple.com
>> based on a mailman bounce to a forged address that got sent up to
>> spamcop.
>>
>> Please let me know your thoughts.
>
> My understanding of that is that it will result only in dropping mail
> which lacks a DKIM signature but the supposed source domain's DNS
> record says that it should be signed and that unsigned mail should be
> discarded. Do you really see that much traffic meeting those
> conditions?
Looking at the particular resources involved it wouldn't have stopped
the apple.com mail from arriving; they don't specify to drop unsigned
email! So it wouldn't have even helped here. :-/
Still, it's led me to the desire to upgrade code to a newer OS (it's
2-1/2 years out of date). My plan is to work on that over the Xmas/New
Years holiday breaks. I've got 5 blocks of 2-day breaks between the
20th and 6th where I plan to install a new system and hopefully migrate
the existing code services.
> Regards,
> John Ralls
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available
More information about the gnucash-devel
mailing list