Re: [Asrg] Spam Salt, an email sender authentication mechanism
2010-09-28 12:39:11
On 28.09.2010 10:55, Jose-Marcio Martins da Cruz wrote:
It's some sort of message signing schema.
As there are other quite good signing schemas around us, a discussion
could be around comparing schemas. E.g., how do you place SpamSalt WRT
DKIM ? What's the differences ? Why SpamSalt could be better or worse
than DKIM ?
At the time I came up with the SpamSalt proposal, I wasn't aware of DKIM.
Some differences between DKIM and SpamSalt:
(a) SpamSalt is not limited to the period of time that a message is in
transit.
(b) DKIM adds a domain-level signature, SpamSalt proposes signatures
that are associated to individual mailboxes.
(c) DKIM doesn't seem to provide a revocation mechanism for emails that
have been produced while an individual user's credentials were
compromised (e.g. because of a computer virus). With SpamSalt the
verification can be delayed or repeated until a recipient first looks at
an email. By that time, after the transit but before reading, it may
have become known that the message originates from a spam account or a
compromised account and can be automatically treated as such.
(d) SpamSalt doesn't require that existing transport agent software gets
changed or upgraded, thus allowing for less intrusive migration. It's
sufficient to install complementary server applications and upgrade
client applications.
(e) SpamSalt doesn't help against sender domains that exist for the sole
purpose of sending spam.
(f) SpamSalt and DKIM don't seem to be in conflict, but rather be able
to complement one another.
Kai
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [Asrg] Spam Salt, an email sender authentication mechanism, (continued)
Re: [Asrg] Spam Salt, an email sender authentication mechanism, der Mouse
- Re: [Asrg] Spam Salt, an email sender authentication mechanism, Kai Engert
- Re: [Asrg] Spam Salt, an email sender authentication mechanism, Ian Eiloart
- Re: [Asrg] Spam Salt, an email sender authentication mechanism, mathew
- Re: [Asrg] Spam Salt, an email sender authentication mechanism, der Mouse
- Re: [Asrg] Spam Salt, an email sender authentication mechanism, Kai Engert
- Re: [Asrg] Spam Salt, an email sender authentication mechanism, der Mouse
Re: [Asrg] Spam Salt, an email sender authentication mechanism, Jose-Marcio Martins da Cruz
- Re: [Asrg] Spam Salt, an email sender authentication mechanism,
Kai Engert <=
Re: [Asrg] Spam Salt, an email sender authentication mechanism, Steve Atkins
Re: [Asrg] well known techniques, was Spam Salt, John Levine
|
|
|