ietf-mxcomp
[Top] [All Lists]

RE: How would SPF or Sender Id caught this one?

2004-07-30 18:27:55

If you really want to trust that the contents of a email message was
authored by the person who claims to be the author, you need to use a
digital signature based authentication mechanism (e.g. S/MIME). 
 
S/MIME isn't necessary to address this scenario, which does demonstrate
the basic flaw of any IP-based solution. Domain Keys would have stopped
it though. 

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer(_at_)ziffdavis(_dot_)com