SmarterMail Application Extensions upward pointer SMSpamC contact me downward pointer

n a v ::

info . download . register . support . contact | more



frequently asked questions







What is DKeyEvent SM?

DKeyEvent SM is a plugin for SmarterMail, that signs and authenticates messages according to DomainKeys and DKIM specifications. Besides being designed to prevent 'identity spoofing' - i.e. claiming that mail originates from a different domain - by hashing each message on transmission, it can check whether a message has been altered prior to delivery, and, should it be the case, restore the message to its original form.


What is DomainKeys?

DomainKeys is a technology proposal that gives email providers a mechanism for verifying both the domain of each email sender and the integrity of the messages sent (i.e. that they were not altered during transit). By signing its messages, a domain can on the one hand take responsibility for what it sends, and on the other hand, explicitly define its policy as regards unsigned messages claiming to come from that domain. DomainKeys, as such, provides a way for a domain to protect its identity.


What is DKIM?

DKIM builds upon the original DomainKeys framework, as well as Identified Internet Mail, Authenticated Sender and Meta-Mail, allowing for more flexibility in a more secure mechanism. It is, roughly speaking, the successor to DomainKeys, and a more advanced version of it.


Which of the two should I use to sign my mail?

At the present time, it is best to use both DomainKeys and DKIM, in conjunction. It is expected that DKIM will eventually replace DomainKeys, but for now, at least, DomainKeys has a wider deployment base than DKIM has. Given this, if server resources are limited, one should perhaps consider deploying DomainKeys now, and consider changing to DKIM once it becomes more widely implemented.


Which specifications does DKeyEvent SM implement?

The current version of DKeyEvent SM will sign mail according to rfc4870 and rfc4871, with backwards compatibility being available for authentication.



What sort of license is DKeyEvent SM distributed under?

DKeyEvent is distributed under a dual license. DKeyEvent is provided as FREEWARE for private, non-profit, and educational use. Commercial, for-profit use of DKeyEvent requires registration, in this case the software being provided as SHAREWARE, with a granted trial period of 30 days.


Is DKeyEvent SM free?

As mentioned in the license, commercial, for-profit use of DKeyEvent requires registration, the price of a license being EUR 30. If not used for-profit, however, it is considered freeware, and as such free.


Why should I register?

Registration helps support the development of DKeyEvent, while at the same time entitling the registrant to priority technical support.


Is technical support available?

Technical support is available to both registered and non-registered users; due to limited resources, however, response to non-registered requests is only given as time permits. If response time and availability is important for you, then please consider registering.



Does DKeyEvent SM work with SmarterMail 2.x?

Yes, it does. Note, however, that not all features are available when running in 2.x compatibility mode. For optimum security and flexibility, SmarterMail 3.x or later is recommended.


Is DKeyEvent processing resource intensive?

The short answer is yes. DomainKeys specifications require strong cryptography, which is processor-intensive. Given the power of today's computers, however, a normal mail server should have no problems coping with the extra load. Nonetheless, various options are available in DKeyEvent to allow the filtering of messages, and customize the load to your environment's necessities.


Can DKeyEvent be deployed in a multiple server environment?

Yes. DKeyEvent can be used both in environments where one server caters to multiple domains, and in environments where multiple servers cater to the same domain base.


Can DKeyEvent be automated?

Yes. All of the settings DKeyEvent uses are stored in standard 'ini' files, and as such are easy to modify. The documentation also provides information on all the necessary steps needed to automate DKeyEvent integration.



How can I test my signatures?

If you want to test whether your installation of DKeyEvent is correctly signing outgoing mail, you can send an email to dktest at exhalus.net, an auto-responder that will check your message and reply with authentication results.


Why do my signatures fail authentication?

The most common reason why a signature would fail is incorrect configuration. Please take some time to read the documentation carefully. Users new to DomainKeys are also known to have difficulties setting up private/public key entries, so if stuck, it sometimes helps to generate a new key pair and update your DNS settings using a new selector, so as to avoid conflict with older (and not yet expired) entries.


Why is outgoing mail not being signed?

There are cases when DKeyEvent will refuse to sign mail. If you are certain that you have properly configured DKeyEvent to sign outgoing mail for your domain, and there are no errors reported in the Event Log, then it could be that DKeyEvent has refused to sign the message. There are multiple reasons why this might happen, though they are all related to sender authentication; basically, DKeyEvent considers that the sender of a message does not have the authority to have that particular message signed. For example, when using SmarterMail 3.x (or higher) compatibility mode, unless domain impersonation is enabled, messages from senders who have not authenticated with SmarterMail (such as automated scripts) will not be signed. Neither, again, will messages whose envelope entities do not match those in the header. The strictness of sender authentication in DKeyEvent can be configured, though one should understand that all this is done to protect your domain's identity from abuse, and as such, the potential hazards of a more relaxed policy should be carefully considered.


© exhalus.net :: some rights reserved | W3C XHTML 1.0 :: CSS3 :: RSS 2.0 | best viewed in Mozilla Firefox