RE: General OpenDKIM setup questions

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Murray S. Kucherawy <msk_at_cloudmark.com>
Date: Thu, 3 May 2012 20:15:56 +0000

> -----Original Message-----
> From: Quanah Gibson-Mount [mailto:quanah_at_zimbra.com]
> Sent: Thursday, May 03, 2012 1:15 PM
> To: Murray S. Kucherawy; opendkim-users_at_lists.opendkim.org
> Subject: RE: General OpenDKIM setup questions
>
> Ok. What happens on the verification side if email X is sent out at
> 10:01:01, signed by "quanah2011", then the keys are updated at 10:01:02
> to "quanah2012", and the mail doesn't get verified on the receiving end
> (some remote domain with slow transports say. :P ) until 10:02:05 or
> something?
> Will verification still succeed?

Verification succeeds if the key is still in the DNS. So when you rotate a new key in, you should allow some overlap before removing the older key from the DNS.

-MSK
Received on Thu May 03 2012 - 20:16:08 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:40 PST