Have you also configured your DKIM to oversign your mail as well? h= should include duplicate values for *Date: to: cc: Subject: From: Date: to: cc: Subject: From:* to prevent abuse and the replay of the emails.
Also accessing an X= value to something reasonable (3 to 5 days) is a good idea, if you're not doing that as well. These changes have helped a lot of ESPs reduce the success of replay issues with theirs and their client's DKIM keys.

~ Matt

On Fri, Aug 30, 2024 at 12:38 PM Mark Fletcher via mailop <mailop@mailop.org> wrote:

> Hi All,
>
> Thanks for the responses and suggestions. I've deleted the old DKIM DNS
> record, and will be implementing a system to rotate the keys every 14 days,
> as a starting point.
>
> To answer some questions: I don't think the emails have been modified in
> any way, although I haven't seen a complete copy of one. At least some of
> the people that get these messages are not spammer accounts, at least
> judging by the angry "Unsubscribe me!" emails they send our support email
> address. We currently sign all non X- email headers.
>
> Thanks,
> Mark
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
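A check for the two settings suggested in the reply above, an oversigned h= list and a bounded signature lifetime, as an added example that is not part of the original thread. The sample message, the names `audit` and `parse_tags`, and the 5-day ceiling are assumptions; x= and t= are the RFC 6376 expiration and timestamp tags.

```python
import re
from email import message_from_string

OVERSIGN = ("date", "to", "cc", "subject", "from")  # fields named in the reply above
MAX_LIFETIME = 5 * 86400  # upper end of the suggested 3-to-5-day window, in seconds

# Constructed sample: every field signed once, no x= tag. d=, s=, bh=, b= are placeholders.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1; t=1725000000;
 h=Date:To:Subject:From; bh=PLACEHOLDER; b=PLACEHOLDER
Date: Fri, 30 Aug 2024 12:38:00 -0700
To: list@example.org
Subject: constructed test message
From: sender@example.com

body
"""

def parse_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def audit(raw):
    """Return findings; an empty list means oversigned with a bounded lifetime."""
    msg = message_from_string(raw)
    tags = parse_tags(msg["DKIM-Signature"])
    signed = [h.lower() for h in tags.get("h", "").split(":") if h]
    findings = []
    for name in OVERSIGN:
        present = len(msg.get_all(name, []))
        listed = signed.count(name)
        # Oversigned: h= names the field more often than it occurs, so an
        # added copy of that field changes the hash input and fails verification.
        if listed <= present:
            findings.append(f"{name}: in h= {listed}x, in message {present}x")
    if "x" not in tags:
        findings.append("x=: absent, signature has no expiry")
    elif "t" in tags and int(tags["x"]) - int(tags["t"]) > MAX_LIFETIME:
        lifetime = int(tags["x"]) - int(tags["t"])
        findings.append(f"x=: lifetime {lifetime}s exceeds {MAX_LIFETIME}s")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```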