Scott Kitterman wrote:
- Direct point to point e-mail: both work fine
- Traditional forwarding: DKIM works fine, but SPF has
issues
- Mailing lists: SPF works fine, but DKIM has issues if
content is modified.
Yes, that's interesting. And SID combines the worst cases
into a single mess ;-)
DKIM happens to be one that has a lot of momentum behind
it right now.
Dave + Ned + Eric is impressive. Ironport also supports
DKIM. Eric's summary yesterday on the DKIM list was very
interesting:
http://mid.gmane.org/26353A64CCD7EA3577D809B2(_at_)irma(_dot_)smi(_dot_)sendmail(_dot_)com
But I still don't see the "why" in comparison with other
ideas. A solid base for reputation ? Try SPF HELO or CSV,
maybe add MTAMARK. Real anti-phishing ? Use S/MIME or PGP.
Anti-forgery of the Return-Path ? Get SPF MAIL FROM, and
understand the 251-forwarding details. Some kind of early
warning before DNSBLs / SURBL / AV-software etc. catch up ?
Combine the known schemes and test "once a liar - always a
liar" with Tempfail.
Where is DKIM in this picture, just another "FUSSP" scheme
with its own weak points ? A marketing trick ? Bye, Frank