Ah, sorry, no. If the sender doesn't implement SPF or DKIM, you find out
that it doesn't support it by not having an SPF or DKIM record, thus, you
don't apply either.
In your proposal there is no way to tell whether a given server implements
it, AND the result for "FAIL" is indistinguishable from the result for "NOT
IMPLEMENTED".
In other words, you can only turn this feature on if everybody implements
it. At the same time.
That won't happen.
You have to add other transactions to be able to query if the server
supports this feature. If the forwarder doesn't (by mal or mis feasance),
then it doesn't do anything useful.
ok, put a TXT RR in the DNS telling "I am using the proposal" as SPD and DKIM do
Actually, it does, if the From is signed (which it usually is), and if the
receiver knows (by some outside arrangement) to throw away anything that
fails.
anything that fails what? a signed email does not solve forgery of the
headers IN THE ORIGIN ! it solves forgery IN TRANSIT !
I can send an email to this list with my gmail account (wich goes
properly signed) claiming that is from you ! do you want me to try ?
What it doesn't do is solve "froggery" (myriads of look-alike domains, which
your proposal does not solve) nor does it solve the fact that most of the
time the user doesn't even notice what's in the From: line (nor does your
proposal). Remember that many mail readers (outlook included) DO NOT SHOW
YOU THE EMAIL ADDRESS in the From: line by default.
my proposal does not need the user see the address...it checks
silently on behalf the user.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg