Hector Santos wrote:
[..]
I presumed you are privy to any time line information? Yahoo does say early
2004.
[..]
Nope, I am just as clueless about the time line as everyone else is.
[..]
No "KEY" from a YAHOO return path message:
What steps should a SMTP server take?
Or is what YAHOO is telling the world that starting in 2004, any message
that does not have a private key, should not be trusted? Plain and simple?
Then as you mentioned, we are left with possible forgery issues.
[..]
I would venture to say that for domains that DO have the public key in
DNS, any email originating from any other SMTP server with that domain
as the "From" address inside the message, and not signed, can be
rejected or given higher score in Spam Assassin. This of course would be
a problem for users that use a different SMTP server to relay email,
unless private keys are shared.
Therefore, this proposal would give immidaete benefit for those sites
that utilize it, by reducing "joe jobs" forging that domain, and it will
not require the entire Internet to adopt it on the sender's end unless
they want to use it. This is similar to LMAP in that respect, but does
present more overhead.
The key to any successful technology is to tell the SMTP receiver not to
take any further action or minimum action on validating a transaction and it
needs to be done before DATA is received.
Since this proposal signs messages themselves that are transfered within
the DATA command, this cannot be done before the DATA command.
Therefore, unlike LMAP proposals it cannot be used at the MAIL FROM point.
Yakov
-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"I ate your Web page. / Forgive me. It was juicy / And tart on my
tongue." (MIT's 404 Message)
-------
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg