I managed to waste my time on another thing. I foolishly thought that I should finally add DKIM to my mail server. Configuring it in the mail server was relatively easy. But once I started to check whether it actually works, I ran into trouble.
I started with the elliptic curve algorithm (ed25519). OpenDKIM on Debian stable failed to verify the signature due to an unknown algorithm. So I tried sending an e-mail to Gmail and it reported its DKIM check as failed too. Not very encouraging, but Google is generally incompetent at e-mail handling[1], so I suspected it could be their fault and tried further. The best explanation I could dig out from Gmail was “no key”, which could indicate Gmail also doesn’t understand the ed25519 algorithm. Indeed, when I copied the failed message from Gmail to a newer version of OpenDKIM, it passed. OK, apparently I was dealing with a software problem of category 2: an e-mail provider unable to handle modern standards even though it encourages e-mail senders to use DKIM.
Since this experience indicated that ed25519 is still too new, I tried to configure an additional RSA key. But my registrar, Hover, doesn’t accept long enough TXT DNS records. This would be OK if they accepted split DNS records. I managed to create a split record in Hover, apparently bypassing some checks by chance, because my further similar attempts were rejected in the web UI. But the record didn’t work and the corresponding address couldn’t be resolved. After many attempts I gave up; Hover apparently doesn’t support split DNS records, which is a software problem of category 2 again: a registrar DNS deficiency.
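The split TXT form mentioned above, as an added example that is not part of the original post (assuming this is the split the post means): a TXT record carries one or more strings of at most 255 octets each (RFC 1035), and a DKIM verifier concatenates them with nothing in between (RFC 6376). The key data is constructed filler the size of a 2048-bit RSA public key, and `selector._domainkey` is a placeholder name.

```python
import base64

LIMIT = 255  # max octets in one TXT <character-string> (RFC 1035)

def split_txt(value: str, limit: int = LIMIT) -> list[str]:
    """Cut a long TXT value into character-strings of at most `limit` octets."""
    raw = value.encode("ascii")  # DKIM key records are plain ASCII
    return [raw[i:i + limit].decode("ascii") for i in range(0, len(raw), limit)]

def zone_rdata(chunks: list[str]) -> str:
    """Presentation form: several quoted strings inside ONE TXT record."""
    return " ".join('"' + c.replace("\\", "\\\\").replace('"', '\\"') + '"' for c in chunks)

def wire_rdata(chunks: list[str]) -> bytes:
    """Wire form: each string is a length octet followed by its bytes."""
    return b"".join(bytes([len(c)]) + c.encode("ascii") for c in chunks)

def join_wire(rdata: bytes) -> str:
    """What a DKIM verifier does: concatenate the strings, no separator."""
    out, i = [], 0
    while i < len(rdata):
        n = rdata[i]
        if i + 1 + n > len(rdata):
            raise ValueError("truncated character-string")
        out.append(rdata[i + 1:i + 1 + n])
        i += 1 + n
    return b"".join(out).decode("ascii")

def dkim_tags(value: str) -> dict[str, str]:
    """Parse 'v=DKIM1; k=rsa; p=...' into a tag dictionary."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())
    return tags

# Constructed sample: 294 filler bytes, the size of a DER-encoded
# 2048-bit RSA public key. This is NOT a real key.
SAMPLE_P = base64.b64encode(bytes(range(256)) + bytes(38)).decode("ascii")
SAMPLE_RECORD = "v=DKIM1; k=rsa; p=" + SAMPLE_P

if __name__ == "__main__":
    parts = split_txt(SAMPLE_RECORD)
    print([len(p) for p in parts])
    # Placeholder owner name; a registrar UI must store both strings in one record.
    print("selector._domainkey IN TXT ( " + zone_rdata(parts) + " )")
    print(join_wire(wire_rdata(parts)) == SAMPLE_RECORD)
```

If a DNS provider stores the two strings as two separate TXT records, or inserts a space when joining them, the reassembled `p=` value no longer matches the key and verification fails.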
So I have DKIM set up and up-to-date SMTP servers can enjoy it. For the rest, nothing has changed; they think DKIM signatures are still missing from my e-mails. I can’t see any reason to waste more time on it.
Footnotes:
[1] Just from my personal experience: crippling incoming e-mails by deduplication, a horrible filter system, and spam filtering that’s best disabled because of nonsensical false positives.