1 |
Jeroen Geilman wrote: |
2 |
> fire-eyes wrote: |
3 |
>> On my small server I am seeing a sudden inrush of requests to named |
4 |
>> like tihs. Of particular intrest is _domainkey. A quick google search |
5 |
>> didn't really explain why I am seeing so much of this, it's been going |
6 |
>> on almost continuously for 20 minutes. |
7 |
|
8 |
> The _domainkey queries are experimental, or from people who already |
9 |
> implement SPF and Yahoo's scheme for it. |
10 |
> That was 10 seconds of Google, by the way ;-) |
11 |
|
12 |
SPF (http://www.openspf.org/) and DomainKeys |
13 |
(http://antispam.yahoo.com/domainkeys) are not the same thing, although |
14 |
they attempt to address similar problems (albeit in a slightly different |
15 |
manner). |
16 |
|
17 |
DomainKeys uses a TXT record named _domainkey , which holds a public |
18 |
key. The domain's MTA signs outgoing mail with the corresponding private |
19 |
key, and DomainKey-aware receiving MTAs look up the public key and |
20 |
verify the signature. |
21 |
|
22 |
SPF uses a record named after the domain itself, which is in a special |
23 |
format and specifies which machines (by IP address or domain name) can |
24 |
send email claiming to be from that domain. The record type can be |
25 |
either TXT or SPF, but should be both more maximum compatibility. |
26 |
|
27 |
In their current implementations, SPF protects the enveloper sender |
28 |
information (which isn't seen by the end-user, unless s/he examines the |
29 |
header), while DomainKeys protects the From: field. |
30 |
|
31 |
Visit the above-mentioned URLs for more information. |
32 |
|
33 |
Cheers |
34 |
|
35 |
Andrew |