On 2021/04/15 10:58, Odhiambo Washington via mailop wrote: > > On Tue, Apr 13, 2021 at 6:44 PM Stuart Henderson via mailop < > [email protected]> wrote: > > I don't know specifically about gmail, but generally support for > ed25519 > in DKIM is still a bit lacking, I think the advice for this is > still to > dual-sign. > > > How does dual-signing work? Sorry to sound so ignorant, but I am only > hearing about dual-signing for the first time.
Just like it sounds, add two DKIM headers, one signed using RSA, one using ed25519. Different selector (s=), same domain/identity (d=/i=). It's easy using rspamd for signing, example in the documentation. For opendkim it seems like you need to use lua scripting to achieve this (there's https://github.com/trusteddomainproject/OpenDKIM/issues/6 with a request for a built-in way to do this, issue is open since 2018). _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
