On Dec 9, 2005, at 11:29 AM, wayne wrote:
As Peter mentioned, this is not really new. This is the kind of
thing that SPF is designed to help with. Domain owners can choose
to publish SPF records saying how they wish their domain names to
be used and email receivers can choose to listen to what the domain
owners say.
See http://www.openspf.org/
How will checking the return-path of a message prove effective
against misuse of an email-address within the From header?
It is not clear to me if DKIM (the merged DomainKeys and IIM
system) will allow you to repudiate this kind of abuse of your
domain name. Instead it looks like they may be able to just give
positive assertions that the email did come from who it says it is
It may not be able to say that the email didn't come from who it
says it is. Similarly, things like S/MIME and PGP give much strong
positive assertions than SPF and DKIM, but you can't tell if an
unsigned email is valid or not.
Unless the sender owns an S/MIME certificate they can't write? Many
politicians utilize web based messaging rather than email. Not that
this prevents spoofing, but the entry forms ask for your district and
physical address, and your email-address to send their news-letters.
This information can be compared against public voter registrations.
Should everyone be asked for the last 4 digits of the driver's license?
-Doug
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg