Thanks for the clarification.
I'm sorry for leaving out some key details. The sender does
not store the per-message hash anywhere. The hash is signed
with an HMAC-SHA1, and both are included in the return-path
or signature header. To validate this signature, the
validation server only needs to know the secret key and the
signature format for the domain.
That creates another question:
When the server decrypts the signature, how does it know the
string is valid? Presumably it is some pre-established string
that it recognizes? That kind of repeatition of the contents
(ie, predictability) makes the mechanism easier to break.
d/
--
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker(_at_)(_dot_)(_dot_)(_dot_)
brandenburg.com