On Tue, 15 Jun 2004, John Levine wrote:
I know there's open source code for domain keys coming shortly.
^coming shortly^available for the past couple of weeks
We (Sendmail) released an open source implementation of a DomainKeys
milter just prior to the INBOX conference. It plugs into Sendmail
through the milter protocol and can currently sign outgoing messages and
verify and mark incoming messages. There's been quite a bit of feedback
so far and Murray has kicked out numerous incremental releases since then.
I'm sure someone will point out that there are questions about some of the
Yahoo licensing terms but those are being worked through as we type.
More info, code, and mailing lists can be found at:
http://www.sendmail.net/dk-milter/
What's available for SPF, Caller ID, and the merged thing?
We had also been working on a Caller-ID milter (as there were already a
few SPFv1 implementations out there), but haven't released it yet as to
wait and see what happens with the spec merger.
We really do need working code. Publishing records is fine, but until
people start running a lot of mail through MARID authentication
checkers, we won't know whether it really scales or how easy it is for
bad guys to circumvent. This doesn't mean that you have to use it for
live spam filtering (you'd be nuts to bounce mail that failed SPF, for
example) but at least log it and count what you find.
One of the other things we've been working on is a test plan to evaluate
all of the major schemes against a number of different criteria. We've
built a site to help coordinate community testing effort, and are still
working on some of the technical details. I'm sure that this group has
enough brainpower and probably some good tools to help in evaluating all
of these solutions, we'd be happy to help in coordinating putting them to
use. For more information on what we've done so far, please check out:
http://sendmail.net/
-Rand