Opened 7 years ago

Closed 6 years ago

#9632 closed enhancement (fixed)

Should we disable DKIM for GetTor?

Reported by: sukhbir Owned by:
Priority: Medium Milestone:
Component: Applications/GetTor Version:
Severity: Keywords:
Cc: mrphs, arma Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Currently, only Yahoo! and Gmail support DKIM so we are only able to accept messages from these two providers. This helps ensure that the message is coming from the domain and sender it claims to be from.

Should we consider disabling DKIM? If we did so, we could support all other domains, including outlook.com which seems to be getting popular these days. Also note that GetTor is not currently sending out any packages and until we start distributing the new bundles, we will just be sending out links to mirrors and cloud-based file sharing services instead.

Child Tickets

Change History (4)

comment:1 Changed 7 years ago by cypherpunks

From README:

However, DKIM checking and hard-coded domain checks are currently disabled in GetTor. Mails from all addresses are being passed to GetTor processing.

Is it valid statement?

You no need DKIM for abuse prevention. You could implement 3-way handshake using cookies, little overhead could improve general usability for all gettor and save anti-abuse properties.

comment:2 Changed 7 years ago by mrphs

I vote for dumping DKIM.
IMO, limiting our users to two major US based email providers isn't the best decision to make.

If we need to defend against flood attacks and bots, perhaps we can do captcha-like authentication?

[snip]
  windows
  linux
  osx
[sinp]

Are you a human? please reply this email with your desired package plus the answer of question below:

  2+2=?

A correct request look like this:
windows 4
Last edited 7 years ago by mrphs (previous) (diff)

comment:3 Changed 7 years ago by mrphs

Cc: mrphs arma added

comment:4 Changed 6 years ago by sukhbir

Resolution: fixed
Status: newclosed

We don't need DKIM now and therefore it has been disabled.

Note: See TracTickets for help on using tickets.