--On 20 January 2009 12:03:49 -0500 Chris Lewis <clewis(_at_)nortel(_dot_)com>
wrote:
Ian Eiloart wrote:
Maybe not so distant:
<http://mipassoc.org/pipermail/ietf-dkim/2008q1/009039.html>
This is a plea from Dave Crocker (author of rfc822) to take a
Thunderbird extension that checks spf and dk, and add support for dkim.
I remember that and the plea.
The plugin didn't do SPF. It couldn't do SPF, because it didn't have
access to either the MAIL FROM or HELO/EHLO. It did something similar
to SPF (From:).
Hmm, I'd have assumed that it checked the Received: headers to find an IP
address that got an SPF pass with the content of the Return-Path: header.
Of course, a spammer could always forge a suitable Received: header. I
can't see that this could have worked 100% reliably. There would have been
cases where are reliable warning could have been given, but they'd require
a -all entry in the SPF record.
Even to get it to do From: "properly" required intimate knowledge of
your mail server architecture.
You could make it do SPF properly if you hacked your MTAs to add various
headers showing details about the perimeter connection (HELO, IP, rDNS,
MAIL FROM).
We do insert such info, but it obviously wasn't going to be worthwhile
hacking the plugin to recognize our additional headers.
The DK stuff didn't work at all AFAIK.
Well, that sucks. Is that because the DK signature was broken in transit?
It was an experiment. As an experiment, I believe it died.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
--
Ian Eiloart
IT Services, University of Sussex
x3148
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg