spf-discuss
[Top] [All Lists]

let's get rid of SRS

2004-05-19 14:24:00
Meng Weng Wong wrote:

Say, how would folks feel if we got rid of SRS and replaced it with a
less onerous workaround?

We don't have to get rid of SRS completely. We just have to do it already at
the sender (the domain that publishs the SPF record):

The sender signs a hash of the envelope sender (plus time stamp) by using a
private RSA key and in the SPF record publishs the pulic key needed to check
the signature. For example: "v=spf1 a mx ses:...public_key... -all" meaning
"all mail from us has a signed envelope sender and here is the method to
check it".

Roger


<Prev in Thread] Current Thread [Next in Thread>