turning on DKIM verification for the email lists

Derek Atkins warlord at MIT.EDU
Mon Dec 9 09:04:38 EST 2013

John Ralls <jralls at ceridwen.us> writes:

> On Dec 6, 2013, at 7:32 AM, Derek Atkins <warlord at MIT.EDU> wrote:
>> Hey, all,
>> I just wanted to let people know that I'm considering turning up the
>> DKIM validation knob on incoming mail to the gnucash server.  In
>> particular I plan to have the mail server discard mail that fails DKIM
>> signature validation, and I'm debating turning on ADSPDiscard, although
>> if I do this I probably need to get it to ignore local mail.
>> This is after a conversion I had yesterday with an admin at apple.com
>> based on a mailman bounce to a forged address that got sent up to
>> spamcop.
>> Please let me know your thoughts.
> My understanding of that is that it will result only in dropping mail
> which lacks a DKIM signature but the supposed source domain's DNS
> record says that it should be signed and that unsigned mail should be
> discarded. Do you really see that much traffic meeting those
> conditions?

Looking at the particular resources involved it wouldn't have stopped
the apple.com mail from arriving; they don't specify to drop unsigned
email!  So it wouldn't have even helped here.  :-/

Still, it's led me to the desire to upgrade code to a newer OS (it's
2-1/2 years out of date).  My plan is to work on that over the Xmas/New
Years holiday breaks.  I've got 5 blocks of 2-day breaks between the
20th and 6th where I plan to install a new system and hopefully migrate
the existing code services.

> Regards,
> John Ralls


       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available

More information about the gnucash-devel mailing list