Today I was very happy with the news that Plesk supports CAA records. This happiness lasted only a few seconds when I realized that our primary DNS server is running Plesk 12.5.
The server can't be upgraded to a higher Plesk as it is running CentOS 5.11.
I am already stripping it from tasks and hopefully it will be possible this year.
Will this enhancement reach Plesk 12.5.3 anytime soon?
What is happening with the inability of the GUI to use CNAMEs with underscores?
The GUI is preventing me from adding these. Luckily the CLI still can.
Now there are more third parties implementing DKIM in a proper way (Office365).
Instead of giving a TXT record, they now propose to use 2 CNAMEs.
This gives them the ability to rotate their keys from time to time.
Mailchimp for one doesn't do this. I wonder how long it takes to find their 1024 private key?
They use 1 key for all their subscribers.
To be honest, I do the same for my clients, but I have rotating keys that rotate each week. Furthermore, I have fewer than 1000 customers.
I've heard a few days for keys that are shorter than that using an Amazon VPS.
If you do, you can send DKIM signed messages pretending to be from any Mailchimp subscriber. Interesting as a tool for spear phishing.
They can of course stop business for a day and change their keys when they find out, but as things are now they will use this key for the next 5 years (this is my assumption). If it's used for spear phishing it probably takes very long to find out.
Anyhow. Plesk currently doesn't allow this better practice of using CNAMEs for that (in the GUI). It doesn't accept the underscore in the target part. So "_domainkey" can't be entered here. I can imagine there are more scenarios where a CNAME with underscores is needed. Please follow!
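Added example, not part of the original post and not Plesk's code: a sketch of the validation difference behind the problem described above, where a form that applies host-name rules to a CNAME target rejects a DKIM target containing `_domainkey`. The function names and the sample record name are constructed for illustration, and allowing only letters, digits, hyphen and underscore is an assumed form-validation policy (DNS itself permits more).

```python
import re

# Host-name rule (RFC 952 / RFC 1123): letters, digits, hyphen only.
_HOST_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Assumed rule for record names and CNAME targets: additionally allow the
# underscore used by service labels such as _domainkey.
_DNS_LABEL = re.compile(r"(?!-)[A-Za-z0-9_-]{1,63}(?<!-)")


def _labels(name):
    """Split a domain name into labels, ignoring one trailing root dot."""
    if name.endswith("."):
        name = name[:-1]
    if not name or len(name) > 253:
        return None
    return name.split(".")


def _valid(name, label_re):
    labels = _labels(name)
    return labels is not None and all(label_re.fullmatch(l) for l in labels)


def is_strict_hostname(name):
    """What a form does when it treats the CNAME target as a host name."""
    return _valid(name, _HOST_LABEL)


def is_cname_target(name):
    """Validation that accepts underscore labels in the target."""
    return _valid(name, _DNS_LABEL)


def rejected_labels(name):
    """Labels that the strict host-name rule refuses."""
    return [l for l in (_labels(name) or []) if not _HOST_LABEL.fullmatch(l)]


if __name__ == "__main__":
    # Constructed sample: a DKIM CNAME target of the kind the post describes.
    target = "selector1._domainkey.mail.example.net."
    print("strict hostname :", is_strict_hostname(target))
    print("cname target    :", is_cname_target(target))
    print("rejected labels :", rejected_labels(target))
```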