[BlueOnyx:21322] Re: SPF, DKIM & DMARC

Roy Urick rurick at usa.net
Thu Aug 31 14:12:54 -05 2017 

I've reached the limit of my expertise as I've never done DKIM on these 
boxes. Hopefully somebody else here can help.  But if everyone had 
accurate SPFs life would be better.


On 8/31/2017 11:51 AM, Lewis Gardner wrote:
>
> Thanks for the quick reply.
>
> I can assure you there are a lot of "domain owners" that don't 
> understand this. I'd say the vast majority. That you only get one 
> complaint a month says something...
>
> The question is how to implement, especially the 1024 bit RSA key. I 
> can find documentation on how to do this with cpanel but not with 
> BlueOnyx. Have I missed something obvious?
>
>
> Roy Urick wrote:
>> SPF when configured properly makes for quick, efficient filtering of 
>> spoofed domain spam. Our filters check the SPF first, and if the SPF 
>> doesnt match, it doesnt even bother wasting any CPU cycles to check 
>> the actual content of the message.(and throws it out)
>>
>> The only downside is dealing with domain owners who don't understand 
>> them who then complain when you cant/wont accept their email. I have 
>> to deal with at least one person per month that is being blocked 
>> because their domain's SPF is incorrect. I actually had one SSL 
>> certificate reseller last week that didnt include the domain of the 
>> SSL provider so we wouldnt accept their emails. (the SSL provider was 
>> sending on their behalf and the reseller didnt include the provider's 
>> servers in their record) And telling the reseller support rep why we 
>> werent getting the messages resulted in confusion and got us nowhere. 
>> ("I dont know what you are talking about. I'm just a CSR.")
>>
>> On 8/31/2017 11:05 AM, Lewis Gardner wrote:
>>>
>>> I'm struggling on how to set up these records for domains hosted on 
>>> a 5209R server.
>>>
>>> The SPF record looks fairly straightforward. Make a TXT DNS entry 
>>> with some test.
>>>
>>> DKIM appears to need a 1024 bit RSA key. Where do I get this? I 
>>> assume there I need one per domain so a server may have several?
>>>
>>> DMARC appears to be like SPF in that it is another TXT DNS entry.
>>>
>>> Personally I think most of this is lipstick on a pig in that these 
>>> methods appear to be attempts to make something secure that is 
>>> inherently not. But I'm not in charge...
>>>
>>> Any pointers?
>>> _______________________________________________
>>> Blueonyx mailing list
>>> Blueonyx at mail.blueonyx.it
>>> http://mail.blueonyx.it/mailman/listinfo/blueonyx
>>
>> _______________________________________________
>> Blueonyx mailing list
>> Blueonyx at mail.blueonyx.it
>> http://mail.blueonyx.it/mailman/listinfo/blueonyx
>>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx

More information about the Blueonyx mailing list