Have the cronjob check old selectors (or just selector1 and selector2) #89

Open
Divide-By-0 opened this issue May 17, 2024 · 0 comments


@Divide-By-0
Member

In the case of Office 365 Microsoft rotate the keys for us. I am not sure how often this is but it could be as often as weekly. i.e. in Week 1 they sign messages using selector1 (it is the active selector). Selector2 contains the new key intended to be used in week 2. When week 2 starts Microsoft begin to use selector2 as the new signing key, and after a period of a few days it creates a new key for selector1 and publishes that in DNS. After the new key has been published then any email received by mail servers after that time won’t validate with DKIM, so it is important to leave enough time to ensure mail has been delivered.

From https://neroblanco.co.uk/2016/04/email-arrive-signed-tenant-onmicrosoft-com/ . This means that we need to check updated keys for replacing selector1 with selector2 as well, even if that's not the currently active selector.

@Divide-By-0 Divide-By-0 changed the title Have the scraper check old selectors (or just selector1 and selector2) Have the cronjob check old selectors (or just selector1 and selector2) May 18, 2024
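
One way a scheduled job could cover both selectors on every run, whichever one is currently signing. This is an added example, not code from this project; the function names, the `example.com` domain, the in-memory archive and the TXT values are constructed assumptions, and the DNS fetch is left out so the block runs offline.

```python
# Added example: hypothetical names and constructed records, no DNS queries.
import hashlib

SELECTORS = ("selector1", "selector2")  # both are checked on every run


def parse_dkim_txt(txt: str) -> dict:
    """Parse a DKIM key record (RFC 6376 tag=value list) into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            # Long TXT records arrive in chunks; drop any folding whitespace.
            tags[name.strip()] = "".join(value.split())
    return tags


def fingerprint(p_value: str) -> str:
    """Short stable identifier for a published public key."""
    return hashlib.sha256(p_value.encode()).hexdigest()[:16]


def check_selectors(domain, lookups, archive):
    """Return (selector, fingerprint) for every key not archived yet.

    lookups: {selector: TXT string or None}, as fetched by the job
    archive: {(domain, selector): set of fingerprints}, updated in place
    """
    new_keys = []
    for selector in SELECTORS:
        txt = lookups.get(selector)
        if not txt:
            continue  # selector not published at the moment
        p = parse_dkim_txt(txt).get("p", "")
        if not p:
            continue  # empty p= means the key was revoked
        fp = fingerprint(p)
        seen = archive.setdefault((domain, selector), set())
        if fp not in seen:
            seen.add(fp)  # old fingerprints stay: older mail was signed with them
            new_keys.append((selector, fp))
    return new_keys


# Constructed sample: week 1, then selector1 republished with a new key
# while selector2 is the active signer.
WEEK1 = {"selector1": "v=DKIM1; k=rsa; p=AAAAkeyA", "selector2": "v=DKIM1; k=rsa; p=BBBBkeyB"}
WEEK2 = {"selector1": "v=DKIM1; k=rsa; p=CCCC keyC", "selector2": "v=DKIM1; k=rsa; p=BBBBkeyB"}
```
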