Hi Adrian,

On 07.06.23 21:33, Adrian Ulrich via swinog wrote:
I'm pretty surprised that of the 1.7M domains with an MX record, only 57% have 
DKIM

I don't see how one could reliably gather this data from DNS:

DKIM allows you to specify a selector in the header of the mail: This mail for 
example will use 'sx1' as the selector (check out the header ;-) ):

$ dig +short txt sx1._domainkey.blinkenlights.ch
"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC[....]

But without ever receiving a mail from me: how would you know?

You could try to send a query for '_domainkey.blinkenlights.ch' and you MAY 
receive a NOERROR reply - but that's not guaranteed: My DNS will just return an 
NXDOMAIN:

$ dig txt _domainkey.blinkenlights.ch|grep status:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10153


Your nameserver breaks https://www.rfc-editor.org/rfc/rfc8020

   This document states clearly that when a DNS resolver receives a
   response with a response code of NXDOMAIN, it means that the domain
   name which is thus denied AND ALL THE NAMES UNDER IT do not exist.

Daniel
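
An added example, not part of the original message: a small Python check that interprets `dig` header lines like the ones quoted in the thread and flags the RFC 8020 inconsistency under discussion (NXDOMAIN for `_domainkey.<domain>` while a selector beneath it resolves). The header lines, the `example.org` names and the result labels are constructed for illustration.

```python
import re

STATUS_RE = re.compile(r"status:\s*([A-Z]+)")

def rcode(dig_header):
    """Extract the RCODE from a dig ';; ->>HEADER<<-' line."""
    m = STATUS_RE.search(dig_header)
    if not m:
        raise ValueError("no status field in: %r" % dig_header)
    return m.group(1)

def classify(parent_header, selector_header=None):
    """Interpret the reply for _domainkey.<domain>, optionally cross-checked
    against the reply for a known <selector>._domainkey.<domain>."""
    parent = rcode(parent_header)
    child = rcode(selector_header) if selector_header else None
    if parent == "NXDOMAIN" and child == "NOERROR":
        # A name exists below a name the server denied: contradicts RFC 8020.
        return "rfc8020-violation"
    if parent == "NXDOMAIN":
        # Per RFC 8020 nothing exists underneath, so no selector can exist,
        # but only if the authoritative server follows the RFC.
        return "no-dkim-if-compliant"
    if parent == "NOERROR":
        # The node exists (typically an empty non-terminal above selectors).
        return "domainkey-node-exists"
    return "inconclusive"  # SERVFAIL, REFUSED, ...

# Constructed header lines in the format dig prints (not real captures).
NXDOMAIN = ";; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1"
NOERROR = ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2"
SERVFAIL = ";; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 3"

if __name__ == "__main__":
    cases = {
        "_domainkey.example.org only": (NXDOMAIN, None),
        "plus sel1._domainkey.example.org": (NXDOMAIN, NOERROR),
        "compliant server with selectors": (NOERROR, NOERROR),
        "broken resolver path": (SERVFAIL, None),
    }
    for label, (parent, child) in cases.items():
        print(f"{label}: {classify(parent, child)}")
```

A survey that only queries `_domainkey.<domain>` sees the first case and cannot tell it from the second, which is why NXDOMAIN answers from non-compliant servers lead to undercounting.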