David MacQuigg wrote:
[snip]
2) The results of the authentication must be pre-pended to
the headers of the incoming mail, making it available for
all subsequent receivers.
3) Neither the incoming headers nor the body of a message
must be disturbed. We don't want to interfere with other
protocols that might use a digital signature.
We don't want to interfere with replies to the message either.
[snip]
Here is my proposed new header to meet these requirements:
Authenticate: SPF1 [<IP Address>] <senders-domain> PASS
[snip]
After these four items, we could have any number of
non-standardized parameters
Why non-standardized?
like a hash code or a time stamp.
IMO, to be anti-Spoofing, it must have a time stamp and an
public key encrypted hash ... just like SRS has defined.
[snip]
Comments and suggestions are welcome. I am not an expert.
-- Dave
--
Martin G. Diehl
http://www.renderosity.com/gallery.ez?ByArtist=Yes&Artist=MGD
Reality: That which remains after you stop thinking about it.
inspired by P. K. Dick