Matthew wrote:
> In a previous message I discounted Phil's suggestion of using
> S/MIME or GPG as ineffective, as it would be too easy for spammers to
> create or acquire valid certs/private keys.
And it's not too easy for a spammer to create or acquire valid domain
names, publish the appropriate SPF records in the DNS, and start
spamming? He could register and rotate among dozens or hundreds or
thousands of domain names from which to spam, periodically updating his
SPF records in the DNS as he changes IP addresses. Note these wouldn't
all have to be different second-level domains; he could stick his own
third-level names on his collection and publish distinct SPF records for
each one.
> However, I have realized there might be a way to use a GPG or
> S/MIME like system, either in conjunction with or independently of SPF.
> What I envision is not exactly what Phil described. And I prefer to
> avoid using GPG or S/MIME directly, because AFAIK both of those
> technologies directly affect or change the message body.
Modification of the message body is unavoidable if you're going to
authenticate email on an end-to-end basis, which IMHO is the only
correct way to do it. But is that such a big deal? S/MIME does it by
adding a discrete attachment, leaving the original message body intact.
GPG/PGP can do it either way, but even the old-style (non-MIME-part) PGP
signature style leaves the message body intact and wraps it in a header
and footer.
Phil
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.txt