--On Thursday, May 03, 2012 8:15 PM +0000 "Murray S. Kucherawy"
<msk_at_cloudmark.com> wrote:
>> -----Original Message-----
>> From: Quanah Gibson-Mount [mailto:quanah_at_zimbra.com]
>> Sent: Thursday, May 03, 2012 1:15 PM
>> To: Murray S. Kucherawy; opendkim-users_at_lists.opendkim.org
>> Subject: RE: General OpenDKIM setup questions
>>
>> Ok. What happens on the verification side if email X is sent out at
>> 10:01:01, signed by "quanah2011", then the keys are updated at 10:01:02
>> to "quanah2012", and the mail doesn't get verified on the receiving end
>> (some remote domain with slow transports say. :P ) until 10:02:05 or
>> something?
>> Will verification still succeed?
>
> Verification succeeds if the key is still in the DNS. So when you rotate
> a new key in, you should allow some overlap before removing the older key
> from the DNS.
Great, thanks!
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
Received on Thu May 03 2012 - 20:29:46 PST