So anyone receiving an e-mail from fripost.org’s outgoing SMTP server (possibly indirectly) can decide whether it’s legit or tampered with.

The DKIM public key should be added to fripost.org’s DNS zone as a TXT record, as follows:

20140112._domainkey.fripost.org. 86400 IN TXT "v=DKIM1\; k=rsa\; p=…"

Having one sub-domain (here 20140112, the date where the key was generated) is what Google does; that’s a clever way to allow multiple keys, which is useful for a smooth transition to a stronger key for instance.

See RFCs 6376 and 7001 for references. The Wikipedia page might be another good read.

closed