ietf-asrg

Re: [Asrg] Spam Salt, an email sender authentication mechanism

2010-09-28 12:39:11
On 28.09.2010 10:55, Jose-Marcio Martins da Cruz wrote:
> It's some sort of message signing schema.
>
> As there are other quite good signing schemas around us, a discussion could be around comparing schemas. E.g., how do you place SpamSalt WRT DKIM? What are the differences? Why could SpamSalt be better or worse than DKIM?

At the time I came up with the SpamSalt proposal, I wasn't aware of DKIM.

Some differences between DKIM and SpamSalt:

(a) SpamSalt is not limited to the period of time that a message is in transit.

(b) DKIM adds a domain-level signature; SpamSalt proposes signatures that are associated with individual mailboxes.

(c) DKIM doesn't seem to provide a revocation mechanism for emails that have been produced while an individual user's credentials were compromised (e.g. because of a computer virus). With SpamSalt the verification can be delayed or repeated until a recipient first looks at an email. By that time, after the transit but before reading, it may have become known that the message originates from a spam account or a compromised account and can be automatically treated as such.

(d) SpamSalt doesn't require that existing transport agent software gets changed or upgraded, thus allowing for less intrusive migration. It's sufficient to install complementary server applications and upgrade client applications.

(e) SpamSalt doesn't help against sender domains that exist for the sole purpose of sending spam.

(f) SpamSalt and DKIM don't seem to be in conflict, but rather seem able to complement one another.

Kai

_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
