by johnklos 1766 days ago
Ummm... DKIM is NOT a one-liner in DNS. It requires actually setting up, well, DKIM. The DNS part is simple, yes, but the DKIM isn't, and equating it to a one-liner in DNS is just simply not true.
4 comments

It’s not trivial, but it’s definitely something I’d expect to be within the grasp of most visitors to this forum.

Importantly you can also verify the correctness of the configuration, which isn’t the case for all anti-spam and anti-spoofing measures.

For most services it is. But you’re right, if it’s self-hosting it’s a real pain in the d**.
Would agree. It can also be hard finding selectors down the line that you had already set up, because they can often be anything, and it largely depends on the service and how well they document their standards (and assume they don't change).

I have had to revisit these a few times for companies that change their setup standards and then don't tell their customers (same has happened to SPF but that is much easier to audit/fix).

OpenDKIM as a daemon as something added to an existing smtpd with Postfix is not that complicated.
This feels like shifting the goalposts. From "one line in DNS" to "just install extension into your email daemon and configure it."
Your e-mail daemon should already have configuration for DKIM, and the same tool that generates that key should also print out the complete DNS entry you need. Configuring DKIM in your daemon is a bit of work; the DNS portion of it is simple.
If a person is trying to self-host their own MX and doesn't want to get into the details of configuring SPF, DKIM and DMARC, I would highly recommend they go with something like gsuite or office365 instead. Or some other managed email hosting provider that will do the DKIM setup for them.
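Two points raised in the thread, verifying a DKIM configuration and recovering selectors that were set up long ago, can be scripted offline. The following is an added example, not part of any comment above: it reads the `s=` and `d=` tags from a sent message's `DKIM-Signature` header to get the DNS name to audit, and syntax-checks a key record per RFC 6376. The sample message, selector `mail2021` and key values are constructed, and the function names are hypothetical.

```python
import base64
import email
import re

# Constructed sample message; domain, selector and signature values are made up.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=mail2021;\n"
    "\tc=relaxed/relaxed; h=from:to:subject;\n"
    "\tbh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQ=\n"
    "From: alice@example.com\nTo: bob@example.net\nSubject: test\n\nbody\n"
)

def parse_tags(value):
    """Parse an RFC 6376 tag=value list; whitespace in values is header folding."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def dkim_lookup_names(raw_message):
    """Return the selector._domainkey.domain names a verifier would query."""
    msg = email.message_from_string(raw_message)
    names = []
    for header in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(str(header))
        if "s" in tags and "d" in tags:
            names.append(f"{tags['s']}._domainkey.{tags['d']}")
    return names

def check_key_record(txt):
    """Syntax-check a DKIM key TXT record; an empty list means no problems."""
    tags = parse_tags(txt)
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":      # v= is optional, default DKIM1
        problems.append("v= must be DKIM1")
    if tags.get("k", "rsa") not in ("rsa", "ed25519"):
        problems.append("unknown key type")
    if "p" not in tags:
        problems.append("missing p= (public key)")
    elif tags["p"] == "":
        problems.append("empty p= means the key is revoked")
    else:
        try:
            base64.b64decode(tags["p"], validate=True)
        except ValueError:
            problems.append("p= is not valid base64")
    return problems
```

This checks record syntax only; confirming that the published key matches the signing key still requires verifying a real signed message.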