←back to thread

Understanding SPF, DKIM, and DMARC: A Simple Guide

(github.com)
443 points miles | 2 comments | 17 Jun 24 17:35 UTC | HN request time: 0.412s | source
Show context
nubinetwork ◴[18 Jun 24 04:03 UTC] No.40713959[source]
These kinds of articles pop up on HN all the time...

Give me a mail server that can use LE for certificates and I'll gladly give DKIM and DMARC a try...

replies(2): >>40714053 #>>40714150 #
1. inejge ◴[18 Jun 24 04:44 UTC] No.40714150[source]
You don't need public certificates for DKIM, it uses privately generated ones for as long as you want to keep them. (A security researcher recently found quite a few domains using weak DKIM keys generated by buggy Debian OpenSSL, more than fifteen years ago.)
replies(1): >>40714289 #
2. nubinetwork ◴[18 Jun 24 05:20 UTC] No.40714289[source]
I could swear at one point you needed one, but I just half-setup opendkim and it generated one without me needing to make one by hand... when I get around to updating the DNS on my personal domains, I guess I'll see how things turn out.