| 1 |
Jeroen Geilman wrote: |
| 2 |
> fire-eyes wrote: |
| 3 |
>> On my small server I am seeing a sudden inrush of requests to named |
| 4 |
>> like tihs. Of particular intrest is _domainkey. A quick google search |
| 5 |
>> didn't really explain why I am seeing so much of this, it's been going |
| 6 |
>> on almost continuously for 20 minutes. |
| 7 |
|
| 8 |
> The _domainkey queries are experimental, or from people who already |
| 9 |
> implement SPF and Yahoo's scheme for it. |
| 10 |
> That was 10 seconds of Google, by the way ;-) |
| 11 |
|
| 12 |
SPF (http://www.openspf.org/) and DomainKeys |
| 13 |
(http://antispam.yahoo.com/domainkeys) are not the same thing, although |
| 14 |
they attempt to address similar problems (albeit in a slightly different |
| 15 |
manner). |
| 16 |
|
| 17 |
DomainKeys uses a TXT record named _domainkey , which holds a public |
| 18 |
key. The domain's MTA signs outgoing mail with the corresponding private |
| 19 |
key, and DomainKey-aware receiving MTAs look up the public key and |
| 20 |
verify the signature. |
| 21 |
|
| 22 |
SPF uses a record named after the domain itself, which is in a special |
| 23 |
format and specifies which machines (by IP address or domain name) can |
| 24 |
send email claiming to be from that domain. The record type can be |
| 25 |
either TXT or SPF, but should be both more maximum compatibility. |
| 26 |
|
| 27 |
In their current implementations, SPF protects the enveloper sender |
| 28 |
information (which isn't seen by the end-user, unless s/he examines the |
| 29 |
header), while DomainKeys protects the From: field. |
| 30 |
|
| 31 |
Visit the above-mentioned URLs for more information. |
| 32 |
|
| 33 |
Cheers |
| 34 |
|
| 35 |
Andrew |
Archives