Scientific Linux Forum.org



  Reply to this topicStart new topicStart Poll

> dkim bit length, dkim bit length
inittux
 Posted: Nov 29 2015, 07:27 PM
Quote Post


SLF Geek
****

Group: Members
Posts: 290
Member No.: 953
Joined: 20-October 11









Does anyone know what the recommended bit length is for dkim keys?

According to the documentation recommended is 1024 bits, but the documentation is written in 2013?
When I look it up in wiki it says that signers must at least have up to 1024 bits, but you can go up to 2048 bits in your dkim keys.

If anyone is wondering why I'm asking this question. Hotmail mailfilter(smartscreen) is classifying all mail coming from my mail server to hotmail accounts as spam and ending up in the spam folder never to be read. I found out hotmail has certain policies:

https://mail.live.com/mail/policies.aspx

So now I'm working on implementing dkim and spf into my mailserver setup. The weird thing is google doesn't mark mails coming from my mailserver as spam and neither doesn't my own work mailservers/filters.

--------------------
PM
^
inittux
 Posted: Nov 29 2015, 09:34 PM
Quote Post


SLF Geek
****

Group: Members
Posts: 290
Member No.: 953
Joined: 20-October 11









QUOTE (inittux @ Nov 29 2015, 09:27 PM)
Does anyone know what the recommended bit length is for dkim keys?

According to the documentation recommended is 1024 bits, but  the documentation is written in 2013?
When I look it up in wiki it says that signers must at least have up to 1024 bits, but you can go up to 2048 bits in your dkim keys.

If anyone is wondering why I'm asking this question. Hotmail mailfilter(smartscreen) is classifying  all mail coming from my mail server to hotmail accounts as spam and ending up in the spam folder never to be read. I found out hotmail has certain policies:

https://mail.live.com/mail/policies.aspx

So now I'm working on implementing dkim and spf into my mailserver setup. The weird thing is google doesn't mark mails coming from my mailserver as spam and neither doesn't my own work mailservers/filters.


Seems google use 2048 bit dkim keys so, can't go wrong on that if google is using it biggrin.gif

--------------------
PM
^
tux99
 Posted: Nov 30 2015, 07:55 PM
Quote Post


SLF Moderator
********

Group: Moderators
Posts: 1276
Member No.: 224
Joined: 28-May 11









Can't help you with the key length but I only implemented SPF on my mail server as DKIM seemed too much hassle and I don't have any problems with mails ending up in spam folders (as far as I'm aware).

Have you checked that the IP of your mailserver is not on one or more of the many Blacklists?
You can do this for example here:
http://mxtoolbox.com/SuperTool.aspx?action=blacklist
or here:
http://www.blacklistalert.org/

This post has been edited by tux99: Nov 30 2015, 08:06 PM

--------------------
My personal SL6 repository, specialized in audio/video software: http://pkgrepo.linuxtech.net/el6/
(can be used together with EPEL and ELRepo repositories) - repository mirror: http://linuxsoft.cern.ch/linuxtech/el6/
PM
^
inittux
 Posted: Nov 30 2015, 09:24 PM
Quote Post


SLF Geek
****

Group: Members
Posts: 290
Member No.: 953
Joined: 20-October 11









QUOTE (tux99 @ Nov 30 2015, 09:55 PM)
Can't help you with the key length but I only implemented SPF on my mail server as DKIM seemed too much hassle and I don't have any problems with mails ending up in spam folders (as far as I'm aware).

Have you checked that the IP of your mailserver is not on one or more of the many Blacklists?
You can do this for example here:
http://mxtoolbox.com/SuperTool.aspx?action=blacklist
or here:
http://www.blacklistalert.org/


Hello tux99,

Thanks for your reply. hotmail mailservers are the only ones dumping my mails in the spam folder. Google, Yahoo, and protonmail, and my work mail they arrive just in the inbox. Thanks for those links I searched my ip on those links. I got one result on a blacklist on sorbs, but it dates back from 2011, and I've only had the server/ip for about a year.

I'll contact their support to request if they can remove my range from their blacklist. Although I don't think that's the problem, but it's never nice to be on a blacklist.

I even had contact via outlook support, they're not willing to budge or help either or give me any information which is useful, only links to policies. I sent them an email with all the details yet they didn't even bother to reply on my findings. Only We recommend this and this and this while they responded to me as if I'm a business mail hosting provider.

I setup SPF and DKIM, spf was getting tmperrors with outlook/hotmail and on gmail it was getting passes: Seems to be a ms problem: http://www.openspf.org/FAQ/Hotmail_and_TempError
.
dkim I haven't gotten fully working, still working on that. Thought I'd try to get that working since of outlook policies: https://mail.live.com/mail/policies.aspx

About they length, I had contact with my dns hosting provider and they said it's best to user 1024bit since that's the most supported one.

I did some test of sending mail from one of my aliases and my main account. Each time the mail would get classified as spam by smartscreen. The funny thing is, I created an alias hotmail@mydomain.com, and I sent to my own live account, and it arrived in in the inbox on my live account. And that same email still had the failed SPF and DKIM headers. I tried pointing that out to outlook support but they don't even reply or comment on my findings. I even sent them the mail headers to show it. They only replied with the following information:

We have reviewed your IP and determined that messages are being filtered (i.e. sent to the Junk folder) based on the recommendations of the smartscreen. Linking to a page with no useful info whatsover. Then telling to consider the following things: that my mail should be identifiable that it's coming from my domain/server(which it is), to have a look at best practices, highlight opt in and ensure my lists are up to date. Those last two don't even apply cause I'm the only one making use of the mail service. And the last two are to join two programs: JMRP and SNDS.

In short I'm pretty disappointed in in outlook support as in not willing to help at all or even look or comment on the information I gave them. Seems they got their head up their behinds.

http://www.madjacksports.com/forum/images/smilies/facepalm.gif http://dl.dropbox.com/u/2835777/BangHead1.gif

But can't do much about it. I'll just try to figure it out on my side, even though it would help if they had given me some actual useful information. Will take the positive side out of the situation and call it a learning experience smile.gif http://i23.photobucket.com/albums/b390/pep_133/smileys/rofl.gif?t=1241899258

--------------------
PM
^
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

Topic Options Reply to this topicStart new topicStart Poll