Amazon Route 53 – DMARC and Performance

I recently had the experience that mails from my good old Postfix server were not being delivered to Microsoft outlook.com.

First I checked whether we had ended up on some spam list; that was not the case. We had ended up on a "block list" within outlook.com. (By the way, you can request removal from it here: https://support.live.com/eform.aspx?productKey=edfsmsbl3&ct=eformts&scrx=1 )

Unfortunately, that was still not the end of it. Tests showed that a) our mail server was missing the DMARC records and b) the DNS server, at about 150 ms, was too slow for the outlook.com server.


DKIM vs. SPF -Or- Domainkeys versus Sender Policy Framework

Both DKIM and SPF are used to prevent, or help to prevent, spam. They can be used in parallel, as they use different techniques to help verify whether a mail really comes from a given mail host.
Quote start

SPF

A basic way for a domain holder to state which servers are authorized to send email. Decentralized domains (such as an ISP), are challenged to support this since users might be sending email from anywhere. The SPF authenticity can be evaluated even after the email has arrived.

DomainKeys

Used during the transmission of an email message from server to server. The security model is analogous to SSL communication, where the end points establish a trust relationship.
DKIM is a bit more complicated than SPF, as it signs part of the email with a private key whose public counterpart is published in DNS.

Quote from DKIM-Site:

DKIM defines an authentication mechanism for email, using:

  • A domain name identifier
  • Public-key cryptography
  • A DNS-based public key publishing service.

An agent in the message transit path can sign the message content and selected header fields. The signature information is placed into a field of the RFC2822 message header.

Validation of the signature, by a later agent in the path, demonstrates that the signing identity took responsibility for the message.

There also are mechanisms for listing formal assertions about the signature or the message. This publicly registers the signing organization’s message signing practices.

SPF just provides information about which mail hosts are allowed to send mail. Most MTAs, e.g. qmail, currently support DKIM.
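The following Python code is an added example, not part of the original posts. It checks the three DNS-published pieces discussed on this page: the SPF record listing authorized hosts, the DKIM public key, and the DMARC policy. The domain example.org, the selector mail, the record values and all function names are constructed for illustration; only the ip4, ip6 and all SPF mechanisms are evaluated.

```python
import ipaddress

# Constructed sample TXT records for the placeholder domain example.org (not from the page).
SAMPLE_DNS = {
    "example.org": ["v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"],
    "mail._domainkey.example.org": ["v=DKIM1; k=rsa; p=PLACEHOLDERBASE64KEY"],
    "_dmarc.example.org": ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.org"],
}

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DKIM key, DMARC) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags

def find_record(dns, name, prefix):
    """Return the first TXT record at name that starts with prefix, else None."""
    for txt in dns.get(name, []):
        if txt.lower().startswith(prefix.lower()):
            return txt
    return None

def spf_check(record, sender_ip):
    """Evaluate only ip4/ip6/all mechanisms; a, mx and include would need live DNS."""
    ip = ipaddress.ip_address(sender_ip)
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in results else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return results[qualifier]
        kind, _, value = mech.partition(":")
        if kind in ("ip4", "ip6") and ip in ipaddress.ip_network(value, strict=False):
            return results[qualifier]
    return "neutral"

def audit(dns, domain, selector, sender_ip):
    """Report the SPF result and whether a DKIM key and DMARC policy are published."""
    spf = find_record(dns, domain, "v=spf1")
    dkim = find_record(dns, f"{selector}._domainkey.{domain}", "v=DKIM1")
    dmarc = find_record(dns, f"_dmarc.{domain}", "v=DMARC1")
    return {
        "spf": spf_check(spf, sender_ip) if spf else "none",
        "dkim_key": bool(dkim and parse_tags(dkim).get("p")),
        "dmarc_policy": parse_tags(dmarc).get("p") if dmarc else None,
    }
```

A domain whose audit returns `dmarc_policy` of `None` is in the state the first post describes: the mail server sends, but no DMARC record is published for receivers to look up.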
