DKIM
Dave Higton (1515) 3525 posts |
I don’t remember what triggered me to look, but most of the emails I receive have a DKIM signature. The notable exceptions are from RISC OS users. In turn this made me look at my email service provider, whose news pages contain an item from 2011 claiming that DKIM is enabled. My experiments show that none of the emails I send, be they from MPro or webmail, contain a DKIM header. There are, of course, two parts to DKIM to make it useful: adding the signature on send, and checking the signature on receive. Does anyone know what is necessary on sending? Does any of it rely on the client doing something? What I’ve read from Wikipedia suggests not, but Wikipedia is not necessarily 100% accurate. On receive, presumably MPro would have to be enhanced to do the check, maybe colouring the email if the signature is missing or does not match. That’s another problem for another day. |
Steve Pampling (1551) 8170 posts |
Not something I’ve had close association with at UHCW [1], but you’re looking at server-based config with elements of DNS record amendments to pass forward the info: https://www.dmarcanalyzer.com/what-is-a-dkim-selector/ Useful check site for various aspects: https://mxtoolbox.com/SuperTool.aspx [1] That domain is all set up. |
Grahame Parish (436) 481 posts |
As I understand it, it’s the receiving mail server that does the checking, not the mail client. I’ve been looking at doing this for my domains, as I run my own mail server, but just haven’t got round to it yet… |
Steve Pampling (1551) 8170 posts |
Just getting the SPF record to match all our requirements was fun enough. |
Dave Higton (1515) 3525 posts |
Yes, I read something this afternoon that suggests the same. My email service provider is inbox.com, and their news from 2011 claims that they provide DKIM and it’s enabled, but I have to doubt that as there is nowhere that I can find to put the private key. I know where to put the public key, which is nothing to do with them. But without both in place, nothing can possibly work. Everything I read suggests that the outgoing client is not the entity that adds the DKIM signature, and it looks like it must be the outgoing server. There’s one other surprise: the two wizards I’ve looked at for creating the keys generate private keys of 1024 bits minimum, but the most common algorithm is rsa-256. Are those things compatible? |
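An added example, not written by any of the posters above and not code from MPro or any mail provider: it checks a raw message for DKIM-Signature headers and reports the signing domain, the selector, the DNS name where the public key is published, and the key type and hash named in the a= tag (which is stated separately from the key length). The sample messages, domains and selector are constructed placeholders, and the code reports presence and parameters only; it does not verify the signature.

```python
import email

# Constructed sample messages; example.org, example.net and "sel2024" are placeholders.
SIGNED = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;\r\n"
    "\ts=sel2024; h=from:to:subject:date;\r\n"
    "\tbh=PLACEHOLDERBODYHASH=;\r\n"
    "\tb=PLACEHOLDER\r\n"
    "\t SIGNATURE==\r\n"
    "From: alice@example.org\r\n"
    "To: bob@example.net\r\n"
    "Subject: signed\r\n"
    "\r\n"
    "Hello\r\n"
)
UNSIGNED = "From: carol@example.com\r\nTo: bob@example.net\r\nSubject: unsigned\r\n\r\nHi\r\n"


def parse_tags(value):
    """Split a DKIM tag-list ('k=v; k=v') into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" not in part:
            continue  # empty trailing element or malformed tag
        key, val = part.split("=", 1)
        tags[key.strip()] = "".join(val.split())
    return tags


def dkim_report(raw):
    """Return one dict per DKIM-Signature header; an empty list means unsigned."""
    msg = email.message_from_string(raw)
    report = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(value)
        # a= has the form <key type>-<hash>, e.g. rsa-sha256
        key_type, _, hash_alg = tags.get("a", "").partition("-")
        domain, selector = tags.get("d"), tags.get("s")
        report.append({
            "domain": domain,
            "selector": selector,
            "key_type": key_type,
            "hash": hash_alg,
            # The public key is a TXT record at <selector>._domainkey.<domain>
            "dns_name": f"{selector}._domainkey.{domain}" if domain and selector else None,
        })
    return report


if __name__ == "__main__":
    print(dkim_report(SIGNED))
    print(dkim_report(UNSIGNED))
```

Run it against the raw source of a sent message; the reported DNS name can then be looked up as a TXT record to confirm the public key is published.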