SPF and DomainKeys Plugin for Thunderbird
Joshua Tauberer's Sender Verification plugin for Thunderbird now supports Yahoo! DomainKeys.
I have been using the plugin for a few days now, and it works pretty well. You might need to tell it some IPs of mail servers on your network, but the interface makes it easy to do this as needed. You probably also want to host your own lookup server (a Perl script you can download from the site); there is only one default, and I'm sure it will start to slow down as more people use it.
If you're not familiar with SPF or DomainKeys, here's how they work...
SPF records are simply DNS records that tell mail servers receiving your mail which IP addresses are allowed to send mail from your domain. So if I run on my Unix command line:
dig TXT cfdev.com
I get the result:
"v=spf1 mx ptr ip4:126.96.36.199/28 ~all"
That's my SPF record for cfdev.com. It says that any MX record, anything that points to *.cfdev.com, or any IP within our subnet are the ONLY hosts that can send mail from cfdev.com. The ~all means that if the mail came from anywhere else, your mail server is free to discard it, or do with it what it wants.
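How a receiving server walks the record above, as an added example (not code from the plugin or from this post): it covers only the mx, ptr, ip4 and all mechanisms, and the MX address and reverse-DNS names are constructed sample data passed in as arguments instead of live DNS lookups.

```python
import ipaddress

# Qualifier in front of a mechanism -> result returned when that mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def under_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_spf(record, sender_ip, domain, mx_ips, ptr_names):
    """Evaluate an SPF record for one connecting IP (mx, ptr, ip4, all only).

    mx_ips and ptr_names stand in for DNS: the addresses of the domain's MX
    hosts, and the forward-confirmed reverse-DNS names of sender_ip.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                       # no SPF policy published
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:                  # first matching mechanism wins
        qualifier = "+"                     # a bare mechanism means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":                 # strict=False accepts host bits set
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":
            matched = ip in {ipaddress.ip_address(a) for a in mx_ips}
        elif name == "ptr":
            matched = any(under_domain(n, arg or domain) for n in ptr_names)
        else:
            return "permerror"              # outside this example's subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                        # nothing matched, no "all" term

RECORD = "v=spf1 mx ptr ip4:126.96.36.199/28 ~all"   # record from the post
MX_IPS = ["192.0.2.25"]                              # constructed sample MX address

if __name__ == "__main__":
    # Constructed senders: (connecting IP, its reverse-DNS names)
    for ip, names in [("192.0.2.25", []), ("126.96.36.200", []),
                      ("198.51.100.8", ["smtp.cfdev.com"]),
                      ("198.51.100.9", ["cfdev.com.mailer.example"])]:
        print(ip, check_spf(RECORD, ip, "cfdev.com", MX_IPS, names))
```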
SPF allows for an easy way to prevent phishing scams from reaching your mailbox. Since PayPal has set up SPF records (I think they just did this finally!), you can block mail that does not match their SPF policy.
There is a handy tool that will help you build SPF records for your domain at: spf.pobox.com
Yahoo! authored the spec on DomainKeys, which uses public/private key cryptography. You publish your RSA public key in a DNS record (called a selector record), and all messages you send are signed on your SMTP server with the private key. The signature is added in the DomainKeys-Signature header in your email.
When someone receives your email, they can then verify your signature using the public key found in your DNS. If the signature verifies, you have validated both the sending domain and that the message has not been altered in transit.
I have been pretty intimate with both of these specs, as my company is building an email server called XMS, and I have been working on filters for these protocols. It would have been handy to have this Thunderbird plugin when I was writing the DomainKeys signature filter.