spf-discuss
[Top] [All Lists]

Re: Sender ID in the news

2004-10-28 07:10:48
Hi !!

It's an answer we've discussed in the past and have more recently improved
to answer various objections/perceived problems.  The protocol is called
Signed Envelope Sender (SES) and was the predecessor of BATV.

That is, the DNS signature validation query is only performed on messages
that have been forwarded.  It adds zero overhead to recipients of single-hop
(nor forwarding) message transfers.  DomainKeys adds overhead to every
message received.

this looks really nice, one objection is that it needs modification to
dns server software so it can handle this kind of queries and check the
correctness of the ses signature. As this kind of verification is only
done in the case of forwarders, why not make this check as a callout to
the domain's mx servers (trying to verify the existence of the email
address either with VRFY or with MAIL FROM/RCPT TO) ? This process add
some extra overhead, but taking in account that it will only be need
on a small amount of cases and that it does not need to patch another
piece of software, maybe it will be more easy to deploy it.

--
Best regards ...

It's a fine line between fishing & standing still

----------------------------------------------------------------
   David Saez Padros                http://www.ols.es
   On-Line Services 2000 S.L.       e-mail  david(_at_)ols(_dot_)es
   Pintor Vayreda 1                 telf    +34 902 50 29 75
   08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
----------------------------------------------------------------



<Prev in Thread] Current Thread [Next in Thread>