In <20041026162728(_dot_)GG1135(_at_)dumbo(_dot_)pobox(_dot_)com> Meng Weng Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:
On Tue, Oct 26, 2004 at 12:12:00PM -0400, Carl Hutzler wrote:
| 
| The above is why DomainKeys and similar are better...forwarders don't need
| to change anything.

On the other hand with DK, it appears that mailing lists will have to
change stuff and there are a lot more mailing lists than forwarders.
(This is another strike against the PRA since it doesn't work on a
significant percentage of mailing lists also.)

Or can we just tell all the senders to do DK and mandate
both checks on the receiver end?  In theory that solves
forwarding.

Your suggestion is basically to whitelist forwarders by detecting
valid domainkey signed email from specific sources.

In my Unified-SPF/From:-Header draft, I suggest a very similar idea,
only using other techniques.  Adding your DK suggestion would be a
good idea.  See:

http://www.ietf.org/internet-drafts/draft-schlitt-marid-spf-from-hdr-00.txt

So, we really don't *need* DK to solve the forwarding problem with SPF
and to protect the From: header, but it would be useful.

-wayne