Okay, I've gotten Yahoo's Domain Keys setup and working for tp.org. We're still set to testing mode (which I think everyone using Domain Keys is currently set for) so nothing much should be happening right this second with them.
Here is what you get when you do: "dig txt _domainkey.tp.org"
;; ANSWER SECTION:
_domainkey.tp.org. 3600 IN TXT "t=y\; o=~"
And when you do: "dig txt main._domainkey.tp.org"
;; ANSWER SECTION:
main._domainkey.tp.org. 3600 IN TXT "g=\; k=rsa\; t=y\; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAM6AuODOWOpoF8kNo\
YXAWGn5Ku7IFzomQ7O+X0HkMbZhlak3VEA7uei1Znlsr6peYQ+i55uqUXpWQ\
jcshFXvKt050OEwhVqGE8wkqyA1r7/ra8nE1huCOycBP4lidTJ+EwIDAQAB"
We also have SPF (Sender Policy Framework) records published as well. Both of these two things mean that if you want to send email from user@tp.org, then you have to do so from the tp.org machine or other folks will HOPEFULLY not trust your message.
Here is what you get when you do: "dig txt tp.org"
;; ANSWER SECTION:
tp.org. 3600 IN TXT "v=spf1 a -all"
I can roll this out to other domains hosted here on tp.org if folks would like me to. Both methods require that you add TXT records to your domain... I know we've had challenges with that in the past, but hopefully anyone interested in SPF or Domain Keys can read up on it and get it going if you want it.
I haven't read up on DKIM (Domain Keys Identified Mail) yet, so I won't be implementing it anytime soon. I think Yahoo's method is probably just fine for most things anyway.
I will try and setup Webmail and IMAP real soon now too (I know I've been sayin that for about 4 years now... really this time... I hope). If I do setup IMAP, then I'll setup authenticated SNMP on port 587 so folks will be able to send through the machine after authentication and have their mail be valid for SPF and Domain Keys.
Oh yeah, the "WHY IS JAY INTERESTED IN ANTI-SPAM ALL THE SUDDEN"...
So, on Saturday 3/11/06 the top spammers in the world decided to make a concerted effort to send as much spam as possible. Most likely it is an attempt to clog the spam filters throughout the world and hope that things fail/pass (instead of fail/reject) to get their spam through to the unsuspecting inboxes of the world.
Those spammers are forging email from as many domains as they possibly can. One of the MANY domains they've chosen was @tp.org. Sooooooooo, while we're not getting much spam ourselves (if you are using Spam Assassin on the machine that is) ... I (postmaster and catch all email addresses on tp.org) am getting around 1000 reject messages a day right now from folks who spam filters are catching what they think is spam from @tp.org... or bounces because the mailboxes are full or are out of the office or no longer existent. Anyway... after pressing delete a few thousand times now (and trying not to accidently delete stuff I need to read) I got interested DomainKeys.
tp.org (and my other domains) have had SPF TXT records published for a while. Evidently folks don't pay attention to those anymore than they pay attention to DomainKeys. If they'd paid attention to either of them, they would NOT be sending me bounces and instead silently discard all these emails from FAKE @tp.org users not sending through the tp.org machine.
Oh, the final thing... I wanted to tell folks about what I heard when I talked to our Chief Spam Fighter here at AOL about the rejects I'd been getting (the common thread is that they have a forged envelope stating that the email came from Google to AOL). We normally process like ONE BILLION spam messages a day here at AOL... on Saturday alone they processed SEVEN BILLION!!! Woooot. That is a LOT of spam. To their credit, I've gotten maybe three pieces of spam this week in my work @aol.com account. Not too shabby... though that is three pieces of spam I normally don't get here at AOL. Those guys do one helluvah job!