SPF and DomainKeys Plugin for Thunderbird
Joshua Tauberer's Sender Verification plugin for Thunderbird now supports Yahoo! DomainKeys.
I have been using the plugin for a few days now, and it works pretty well. You might need to tell it some IPs of mail servers on your network, but the interface makes it easy to do this as needed. You probably also want to host your own lookup server (a Perl script you can download from the site); there is only one default, and I'm sure it will start to slow down as more people use it.
If you're not familiar with SPF or DomainKeys, here's how they work...
SPF records are simply DNS records that tell mail servers receiving your mail which IP addresses are allowed to send mail from your domain. So if I run on my Unix command line:
dig TXT cfdev.com
I get the result:
"v=spf1 mx ptr ip4:22.214.171.124/28 ~all"
That's my SPF record for cfdev.com. It says that any MX record, anything that points to *.cfdev.com, or any IP within our subnet are the ONLY hosts that can send mail from cfdev.com. The ~all means that if the mail came from anywhere else your mail server is free to discard it, or do with it what it wants.
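How a receiving server walks that record, as an added example that is not code from the plugin or from the original post: mechanisms are tried left to right and the first match decides the result, with result names as in RFC 7208. The `mx_ips` and `ptr_names` arguments are assumptions that stand in for live DNS lookups, and their sample values are constructed.

```python
import ipaddress

# Qualifier prefix -> result name (names as in RFC 7208)
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record):
    """Split an SPF TXT record into (qualifier, mechanism, value) terms."""
    terms = record.strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        if "=" in term:            # modifiers (redirect=, exp=) are ignored here
            continue
        qualifier = "+"            # a mechanism with no prefix means "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        parsed.append((qualifier, name.lower(), value))
    return parsed

def check_spf(record, sender_ip, domain, mx_ips=(), ptr_names=()):
    """Evaluate mechanisms left to right; the first match decides the result.
    mx_ips / ptr_names stand in for the DNS lookups a real checker performs."""
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, name, value in parse_spf(record):
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(value, strict=False)
        elif name == "mx":
            matched = any(ip == ipaddress.ip_address(a) for a in mx_ips)
        elif name == "ptr":
            names = [n.rstrip(".").lower() for n in ptr_names]
            matched = any(n == domain or n.endswith("." + domain) for n in names)
        else:
            raise ValueError("mechanism not handled in this example: " + name)
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"               # nothing matched and there was no "all"

RECORD = "v=spf1 mx ptr ip4:22.214.171.124/28 ~all"   # record from the post
MX_IPS = ["203.0.113.5"]           # constructed sample data
if __name__ == "__main__":
    for addr in ("22.214.171.120", "203.0.113.5", "198.51.100.9"):
        print(addr, check_spf(RECORD, addr, "cfdev.com", mx_ips=MX_IPS))
```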
SPF allows for an easy way to prevent phishing scams from reaching your mailbox. Since PayPal has set up SPF records (I think they just did this finally!) you can block mail that does not match their SPF policy.
There is a handy tool that will help you build SPF records for your domain at: spf.pobox.com
Yahoo! authored the spec on DomainKeys, which uses public/private key encryption technology. You publish your RSA public key in a DNS record (called a selector record), and all messages you send are signed on your SMTP server with the private key. The signature is added in the DomainKeys-Signature header in your email.
When someone receives your email they can then verify your signature using the public key found in your DNS. If the signature verifies, you have validated both the sending domain, and that the message has not been altered in transit.
I have been pretty intimate with both of these specs, as my company is building an email server called XMS, and I have been working on filters for these protocols. It would have been handy to have this Thunderbird plugin when I was writing the DomainKeys signature filter.