Feature Request: DomainKeys



testbenchdude
10-25-2006, 02:09 PM
Hi Westhost,

It's nothing new that spoofing and phishing are problems. Yahoo and Google (gmail) have implemented a technology known as DomainKeys. This Wikipedia link gives a summary.

http://en.wikipedia.org/wiki/DomainKeys

The advantage of DomainKeys is that it ... "cryptographically proves that the mail did in fact originate at the purported domain, and has not been tampered with in transit".

DomainKeys do not stop spam. But it would significantly reduce "spoofing" and "phishing" if DomainKeys became widely accepted. (Since much spam is spoofing or phishing related I think there would be a significant reduction in spam.)

Are DomainKeys on the horizon at WestHost? I would consider paying an extra $1 per month for DomainKeys if it were available today. I would not pay more than $1 since others already provide DomainKeys at no extra cost.

Thanks,

Ed

rolling
10-26-2006, 04:09 AM
I believe that we have to wait for the promised upgrade to sendmail before we can do this.

jball
10-27-2006, 06:07 PM
Dear Ed,

The following is a copy of what I send to clients having trouble with spoofing. Please keep in mind that SPF (Sender Policy Framework) records do not fix the problem completely as this service must be supported on both the sending and receiving end:

*****
This issue is becoming more and more common. It is known as e-mail spoofing where a spammer will use your domain name in the from header of an e-mail they send out. Thus, if anything bounces, the mail server rejecting the message will send a response via a Mailer Daemon message to the 'postmaster' for your domain since it is in the from header. The postmaster is set up to redirect to usually something like username@domain.com in accordance with the /etc/mail/aliases file. That is how it works. In order to help eliminate this from occurring, you will need to set up what is called an SPF record (Sender Policy Framework). This record will act as an authentication mechanism for what servers can send e-mail when using your domain in the from header. One of our Admins can put in the SPF string into your DNS zone file if you go through the SPF wizard to create the string at the following: http://www.openspf.org/wizard.html

Where there are fields for you to type information, just keep those blank. You basically will need to go through the wizard and set it up so mail will be routed through your IP address and your current MX record as well as the SMTP settings for your Internet Service Provider. Then hit submit and it will show you a string that will look something like:

yourdomain.com text "v=spf1 a mx include:mail.bellsouth.net ~all"

Just e-mail us this information, and we'll insert it into your DNS zone record which will make it so nobody can send e-mails using your domain name unless they are logged into your e-mail server (which they won't be unless you give them the login information) or if they had an account with your Internet Service Provider and sent mail through their e-mail server (you can take out the Internet Service Provider part of the string in the SPF record if you wish).
*****

You can find lots of good info on this at openspf.org. This does do a pretty good job for a lot of our clients. I am not currently aware of other technologies that we may implement in the near future. I hope that helps.

Justin Ball
Technical Support Representative
Phone: 1-800-222-2165
FAX: 435-755-3449

rolling
10-28-2006, 03:04 AM
Just send a support ticket in to Westhost if you want to implement SPF. They will edit the necessary file for you. I have an article describing my experience at http://www.rollingr.net/wordpress/2006/10/10/

Westhost's DNS server does not currently support a record of the type SPF, so you just need the TXT version.

If you use your own mail server for sending mail, then you do not need to add your ISP

testbenchdude
03-07-2007, 09:50 PM
Sorry it took me so long to respond. Thanks to jball and rolling for the information about SPF. I think I have SPF set up correctly on my domain. Except I think there is one glitch. If I log on to my webmail account at http://webmail.westhost.com and send an email there seems to be a problem when I try to verify by sending an email to auth-results@verifier.port25.com. For some reason I never get the reply when I send from webmail.westhost.com. (Replies come back happy when I send using an email client like Thunderbird.)

It appears that when an email is sent from webmail it gets sent by the server appserve.west-datacenter.net. I can't find an SPF record for this server. What is the proper way to set up SPF to allow this server to send mail from my domain?

Thanks,

Ed

wildjokerdesign
03-08-2007, 07:36 AM
Ed,
I think you need to use this as your SPF record:

yourdomain.com text "v=spf1 a mx include:appserve.west-datacenter.net ~all"

or better yet do not use the webmail interface at webmail.westhost.com. :) If you need to access your email via the web, install Uebimiau (http://www.helpdocs.westserver.net/sitemanager/SA_Uebimiau.htm) via your Site Manager. It is the same thing only sends mail through your own domain.
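
An added illustration, not code from the thread or from WestHost: a simplified SPF evaluator over constructed DNS data, showing how records like the ones quoted above are walked left to right, why mail relayed by a host the record does not list ends at `~all` (softfail), and that `include:` only helps when the named domain publishes its own SPF record (otherwise the check ends in permerror under RFC 7208). Every domain other than yourdomain.com and every address here is a constructed placeholder.

```python
import ipaddress

# Constructed zone data using documentation address ranges; not real records.
DNS = {
    "yourdomain.com": {"TXT": "v=spf1 a mx include:isp.example ~all",
                       "A": ["192.0.2.10"], "MX": ["mail.yourdomain.com"]},
    "mail.yourdomain.com": {"A": ["192.0.2.11"]},
    "isp.example": {"TXT": "v=spf1 ip4:198.51.100.0/24 -all"},
    "webmail.example": {"A": ["203.0.113.5"]},  # A record only, no SPF TXT
    "broken.example": {"TXT": "v=spf1 a mx include:webmail.example ~all"},
    "fixed.example": {"TXT": "v=spf1 a mx a:webmail.example ~all"},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def addrs(name):
    return DNS.get(name, {}).get("A", [])

def check_host(ip, domain, depth=0):
    """Simplified RFC 7208 evaluation: a, mx, ip4, include and all only."""
    record = DNS.get(domain, {}).get("TXT", "")
    if record.split()[:1] != ["v=spf1"]:
        return "none"
    if depth > 10:  # crude stand-in for the RFC's DNS lookup limit
        return "permerror"
    for term in record.split()[1:]:
        result = QUALIFIERS.get(term[0], "pass")
        mech = term[1:] if term[0] in QUALIFIERS else term
        name, _, arg = mech.partition(":")
        if name == "all":
            matched = True
        elif name == "a":
            matched = ip in addrs(arg or domain)
        elif name == "mx":
            hosts = DNS.get(arg or domain, {}).get("MX", [])
            matched = any(ip in addrs(h) for h in hosts)
        elif name == "ip4":
            matched = ipaddress.ip_address(ip) in ipaddress.ip_network(arg)
        elif name == "include":
            inner = check_host(ip, arg, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"  # included domain has no usable SPF record
            matched = inner == "pass"
        else:
            return "permerror"  # mechanism not handled by this sketch
        if matched:
            return result
    return "neutral"
```
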

testbenchdude
03-08-2007, 03:54 PM
Thanks for the tip. Uebimiau sounds like the way to go. I'll give it a try.