ietf-asrg

Re: [Asrg] antiphishing idea

2011-11-17 16:30:08
On 11/17/2011 02:19 PM, Christian Grunfeld wrote:
> 2011/11/17 John Levine <johnl(_at_)taugh(_dot_)com>:
>>> Domains should have to publish in their DNSs the message-id (among any
>>> other thing) through a TXT or A record of any legit mail sent by them.
>>> The TTLs of those records can be adjusted to compensate for queued
>>> mails, etc.
>> Maybe I'm missing something, but why would you want to do this rather
>> than a DKIM signature?  DKIM validates against the DNS, and protects
>> the whole message.
> Because I can have a properly configured domain, I can properly sign my
> mails but I can send you an email with From: paypal.com header!
> DKIM does not protect you against this! DKIM says that evil.com signs
> correctly the email and no alarms will trigger. The average user only
> sees and "trusts" the From: paypal.com mail header!

Ask Google if an improperly DKIM-signed paypal.com mail sets off
alarms. I'll help you out: it does.

Mike
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
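
As an added example (not part of the original thread), a receiver-side check for the two cases debated above: a valid signature from a domain other than the one in From:, and paypal.com mail without a valid paypal.com signature. `ALWAYS_SIGNS`, the `verified` input and the subdomain match rule are assumptions, and the sample message is constructed.

```python
import email
from email import policy
from email.utils import parseaddr

# Hypothetical receiver-side list of domains known to sign all their mail.
ALWAYS_SIGNS = {"paypal.com"}

# Constructed sample: evil.com signs a message whose From: shows paypal.com.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=evil.com; s=sel;\n"
    " h=from:subject; bh=AAAA; b=BBBB\n"
    "From: PayPal <service@paypal.com>\n"
    "Subject: test\n\nbody\n"
)

def dkim_domains(msg):
    """Return the d= (signing domain) tag of every DKIM-Signature header."""
    found = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = {}
        for part in str(value).split(";"):
            name, sep, val = part.partition("=")
            if sep:
                tags[name.strip()] = "".join(val.split())  # drop folding whitespace
        if "d" in tags:
            found.append(tags["d"].lower())
    return found

def classify(raw, verified):
    """Compare verified signing domains with the From: domain.

    verified: set of d= domains whose signature checked out cryptographically.
    Assumption: this comes from a real DKIM verifier; it is not computed here.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    good = [d for d in dkim_domains(msg) if d in verified]
    # Assumed match rule: From: domain equals d= or is a subdomain of it.
    if any(from_domain == d or from_domain.endswith("." + d) for d in good):
        return "aligned"
    if from_domain in ALWAYS_SIGNS:
        return "alarm"  # listed domain with no valid signature of its own
    return "signed-by-other" if good else "unsigned"

if __name__ == "__main__":
    print(classify(SAMPLE, {"evil.com"}))
```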
