spf-discuss
[Top] [All Lists]

Re: proposed PGP mechanism for SPF

2004-01-15 01:43:40

On Jan 14, 2004, at 8:45 PM, Rob Kaper wrote:

On Wed, Jan 14, 2004 at 11:17:49PM -0500, Meng Weng Wong wrote:
  Message content outside the signed area should be discarded by the
  receiving MTA.

Wouldn't it be sufficient to just sign a Message-ID/From combo, to reduce
overhead? We're only interested in verifying sender identity here, not
entire messages.

Eh, you'll need a timestamp too and then have recipients reject mail older than N hours. Otherwise it'd be easy to pick up some signed Message-ID/From combos from a mailing list and use it to spam a billion other addresses.

--
http://www.askbjoernhansen.com/

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡