spf-discuss

Re: cost comparison of Caller-ID, DK, and SPF

2004-02-25 11:39:54
In <1077732757(_dot_)7826(_dot_)799(_dot_)camel(_at_)hades(_dot_)cambridge(_dot_)redhat(_dot_)com> David Woodhouse <dwmw2(_at_)infradead(_dot_)org> writes:

> On Wed, 2004-02-25 at 09:59 -0800, Justin Mason wrote:
> > This added because DK hashes the message body, and some mailing list
> > software (MailMan for example, or this list) modifies the body,
> > which will cause DK failures.
>
> Mailing lists don't mangle the body _much_ though.

But mailing lists mangle the email body some.  And spammers morph
their spam some.  I don't see any obvious ways to distinguish these
two cases.  Especially when you consider the number of weird and/or
broken mailing list software out there and the fact that spammers will
actively try and make their spam indistinguishable from mailing lists
mangling.


There is also the replay problem

Mailing lists send the same email to many people.  Spammers send the
same spam to many people.  Someone sending a message to a mailing list
has to be able to have their email go to many people without
problems.  A spammer sending a message to themselves can't be allowed
to send this email to many people without problems.  Again, I don't
see any obvious ways to distinguish these two cases.


I freely admit that SPF does not solve all the problems with forged
email that need to be solved.  After SPF is sufficiently stable, I
will put some more effort into dealing with forged From: headers.
However, I think that forged envelope-from's is an important problem
to solve anyway, it can be solved quicker, and it can be used to help
solve the forged From: problems.

I sincerely hope that C-ID, DK, or some other proposal can solve the
forged From: header problem before I get to it.  I don't see any
wasted effort in separate groups of people solving these two problems
at the same time.


-wayne
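
The two problems raised in this message, as an added illustration that is not part of the original thread or of any DK implementation: a signature covering the body fails identically for a list footer and a spammer's morph, and an unmodified signed message verifies for any number of recipients. The HMAC key stands in for the signer's RSA key pair, and the whitespace-stripping canonicalization, sample bodies and addresses are constructed assumptions.

```python
import hashlib
import hmac

# Stand-in for the signing domain's private key (assumption: a real scheme
# uses an RSA key pair with the public half published in DNS).
SIGNING_KEY = b"constructed-demo-key"

def canonical_body(body: str) -> bytes:
    """Assumed canonical form: drop all whitespace inside lines and
    any trailing empty lines, so re-wrapping alone does not break it."""
    lines = ["".join(line.split()) for line in body.splitlines()]
    while lines and lines[-1] == "":
        lines.pop()
    return "\r\n".join(lines).encode()

def sign(from_header: str, body: str) -> str:
    """Signature over the From: header and the canonical body."""
    data = from_header.encode() + b"\0" + canonical_body(body)
    return hmac.new(SIGNING_KEY, data, hashlib.sha256).hexdigest()

def verify(from_header: str, body: str, signature: str, rcpt_to: str) -> bool:
    """rcpt_to is deliberately unused: the envelope recipient is not
    covered by the signature, which is what makes replay possible."""
    return hmac.compare_digest(sign(from_header, body), signature)

# Constructed sample message and variants.
FROM = "alice@example.org"
BODY = "Meeting moved to 3pm.\nBring the draft.\n"
SIG = sign(FROM, BODY)
VARIANTS = {
    "unmodified": BODY,
    "whitespace_only": "Meeting  moved to 3pm. \nBring the draft.\n\n",
    "list_footer": BODY + "\n-- \nTo unsubscribe, see the list page.\n",
    "spam_morph": BODY + "\nxq7 hashbuster 91827\n",
}

def body_results() -> dict:
    """Verifier's verdict per variant; it sees only pass or fail."""
    return {k: verify(FROM, v, SIG, "bob@example.net") for k, v in VARIANTS.items()}

def replay_results(recipients: list) -> list:
    """The same signed message delivered to many envelope recipients."""
    return [verify(FROM, BODY, SIG, r) for r in recipients]

if __name__ == "__main__":
    print(body_results())
    print(replay_results([f"user{i}@example.net" for i in range(3)]))
```

The verifier returns the same failure for `list_footer` and `spam_morph`, and the same success for every replayed copy, so neither check separates a mailing list from a spammer.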