[Top] [All Lists]

Re: [Asrg] antiphishing idea

2011-11-17 16:19:18
2011/11/17 John Levine <johnl(_at_)taugh(_dot_)com>:
Domains should have to publish in their DNSs the message-id (among any
other thing) through a TXT or A record of any legit mail sent by them.
The TTLs of those records can be adjusted to compensate for queued
mails, etc.

Maybe I'm missing something, but why would you want to do this rather
than a DKIM signature?  DKIM validates against the DNS, and protects
the whole message.

because I can have a proper configured domain, I can properly sign my
mails but I can send you an email with From: header !
DKIM does not protect you against this ! DKIM says that signs
correctly the email and no alarms will trigger. The average user only
see and "trust" the From: mail header !
Asrg mailing list

<Prev in Thread] Current Thread [Next in Thread>