that you have not even made the beginning of a serious proposal
That is black propoganda.
It is a very serious proposal.
and not to be rude or anything, but it all
sounds frightfully amateuristic
Based on what substantive facts?
Your propoganda is "frightfully amateuristic" as I will illustrate below.
SenderKeysTM adds an e-mail header"
And how will users go about doing this? They will disassemble their Outlook
Express code and patch in some hooks? See? You have not even thought through
the most basic obstacles. Will others patch their MUA for them? How? It is
not like Outlook Express can just be compiled/reinstalled. And even if,
yeah, users are really in the habit of doing that stuff daily, right?
Have you every heard of the word "plugin" (or "add-on")?
Outlook supports plugins.
Also Outlook does get upgraded by Microsoft. They are on version 6, not
version 1.
Will Microsoft do it for them?
Maybe. If Microsoft thinks they can make $ or advantage from it, then they
might.
After all, one of Microsoft's big battle cries now is anti-spam.
However, I happen to think the smaller email program vendors will be more
motivated to stop anti-forgery and provide an advantage over Outlook. There
are many of them, Eudora, Netscape, Lotus Notes, etc.. all waiting to get a
competitive advantage over Outlook and gain marketshare.
They would, if already millions of people
were using it. But nobody CAN use it, until the Microsoft patches arrive!
Nobody?
Unlike the browser, Outlook does NOT have 95% market share, primarily because
creating an email client is not as difficult as creating a browser, so there is
more competition.
The ol'd chicken and the egg story. That is why SPF is so brilliant: because
it is easily deployable
SPF is not so easy to deploy:
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200408/0670.html
Yes you can set up DNS for SPF without "-all" but then recipients can not do as
much with SPF. To really solve forgery of ISP and personal domains, SenderKeys
is much easier to deploy than SPF:
No need to try and teach your grandma how to patch
her Outlook Express; just an administrator, somewhere far away from her,
changing a DNS record, and adding a milter/policy daemon of sorts
What can SendMail milter do with an SPF that is not marked as "-all"?
It can not delete the forgery, because it is not certain if it is forgery or
not.
It is almost useless. It can give maybe a 90% assurance of forgery if the
domain is a major ISP. For a personal domain, it is entirely useless if not
"-all".
One administrator, at one MTA site,
making a one-time, minor change to a DNS record, far and far, and far,
outshines your convoluted plan of having all users update their MUA's (which
is something they cannot even do themselves).
The sender has to do a lot more than that for SPF if they want to support
"-all"!!! Not only do they have to update their MUA, their DNS, but they also
have to update their server (and they might not even have a server!):
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200408/0670.html
SenderKeys is on the order of 1 / pow( x, 3 ) less effort in that use of SPF.
But why would anyone even do so? Most MUA have built-in supports for
cryptography, and can use standards like STARTTLS to communicate with their
respective MTA's, if a secure channel is required. Why would anyone start
patching MUA's, just to accommodate your very bad idea of sending private
keys over the wire?
Because there exist in life different systems for different purposes. The ones
you mention can not do anything for stopping e-mail anti-forgery. If you do
not remember, that is the point of this forum.
I will stop now. I am getting too sarcastic.
That slap-happy feeling apparently clouded your sense of true facts.
You take things personally, I understand that.
Not at all. Please continue making incorrect statements, if it helps or
pleases you somehow.
I can continue to refute you (until I get bored), because the facts have been
thought out very well from my side.
But the best thing for you to do, IMHO, would be to say
to yourself, "Ok, I goofed; clearly I have not thought things through.
Before I swallow my entire leg, let me just go back to the drawing board
I bet you wish I would, but the facts do not lie.
You have a nice day also :)
Thanks,
Shelby