Re: [Asrg] Spam Salt, an email sender authentication mechanism

> (a) SpamSalt is not limited to the period of time that a message is in 
> transit.
> (b) DKIM adds a domain-level signature, SpamSalt proposes signatures 
> that are associated to individual mailboxes.
> (c) DKIM doesn't seem to provide a revocation mechanism for emails that 
> have been produced while an individual user's credentials were 
> compromised (e.g. because of a computer virus). With SpamSalt the 
> verification can be delayed or repeated until a recipient first looks at 
> an email. By that time, after the transit but before reading, it may 
> have become known that the message originates from a spam account or a 
> compromised account and can be automatically treated as such.
> (d) SpamSalt doesn't require that existing transport agent software gets 
> changed or upgraded, thus allowing for less intrusive migration. It's 
> sufficient to install complementary server applications and upgrade 
> client applications.
Both S/MIME and PGP do all that, and have for over a decade.

You should try them out. -- S/MIME support is built in to your MUA,
and there's a plug-in for PGP.  To get you started, this message has an 
S/MIME signature although the buggy code in T'bird may not recognize it.
If you want people to take your proposals seriously, you need to do
your homework, see what people have done before, and in cases like
these, why nobody uses them.  (look for "key management")

R's,
John

smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg