Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dkim customizations (bug: migration invalidates dkim signatures on previous emails) #2057

Open
1 task done
locknut opened this issue Mar 11, 2024 · 0 comments
Open
1 task done

dkim customizations (bug: migration invalidates dkim signatures on previous emails) #2057

locknut opened this issue Mar 11, 2024 · 0 comments

Comments

@locknut
Copy link

locknut commented Mar 11, 2024
edited

I'm migrating email for an existing domain to simplelogin.io, this domain has existed for 10+ years and has already had DKIM setup with the selector "dkim".

Prerequisites

  • I have searched open and closed issues to make sure that the bug has not yet been reported.

Bug report

Describe the bug

To migrate to simplelogin, I'm obliged to replace the contents of that specific existing DKIM DNS record with simplelogin.io's supplied DKIM DNS record value for the same selector ("dkim") that's been in use for 10+ years. This is fine for all future emails, but unfortunately many email clients actively re-validate DKIM signatures every time an email is opened, and will present a rather scary warning to the user if DKIM validation suddenly starts failing for old messages - even if the message headers clearly indicate that DKIM passed at time of receipt.

That's a problem I'd really rather avoid.

Expected behavior

Options:

  1. The ability to import custom public/private keys for DKIM (while continuing to use the existing DKIM selector names - dkim, dkim02, dkim03), on a per domain basis.

  2. The ability to modify the DKIM selector values (while still using simplelogin.io's signing keys & DNS records), on a per domain basis. So instead of this:

dkim._domainkey.mycustomdomain.com.    IN   CNAME     dkim._domainkey.simplelogin.co.
dkim02._domainkey.mycustomdomain.com.    IN   CNAME     dkim02._domainkey.simplelogin.co.
dkim03._domainkey.mycustomdomain.com.    IN   CNAME     dkim03._domainkey.simplelogin.co.

I could do this:

dkimsl._domainkey.mycustomdomain.com.    IN   CNAME     dkim._domainkey.simplelogin.co.
dkimsl02._domainkey.mycustomdomain.com.    IN   CNAME     dkim02._domainkey.simplelogin.co.
dkimsl03._domainkey.mycustomdomain.com.    IN   CNAME     dkim03._domainkey.simplelogin.co.
  1. The ability to disable specific DKIM selectors from being used, while keeping others enabled, on a per domain basis. If I could just disable "dkim" while keeping "dkim02" and "dkim03" enabled, then that would solve my problem.

Screenshots

N/A

Environment (If applicable):

N/A

Additional context

N/A
@locknut locknut changed the title feat: dkim customizations (bug: migration invalidates dkim signatures on previous emails) dkim customizations (bug: migration invalidates dkim signatures on previous emails) Mar 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@locknut