-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Stuart D. Gathman wrote:
Until recently, I thought that it didn't matter what localpart signing
format is used. After all, the signature is only used/checked by
the same MTA (or cluster) that created it. However, I have
been using an auto-whitelisting technique in conjunction with
domains with SPF pass (actual or guessed) as part of spam abatement.
The auto-whitelisting whitelists addresses that local users send to.
This is spoiled by local part signing, unless I can extract the
address that a local user would use to send/reply.
Thus, while the actual signature format can be application specific,
there needs to be a standard for how to extract the original localpart.
I doubt that such a standard is possible, given that there are already so
many different (pseudo) standards for localpart signing out there. (I
agree that standardization would have been the right thing to do, but it's
probably too late now.)
A small, portable "liblocalpart-unsign" library aiming to support normali-
zation for (nearly) all of them would probably be more productive and less
effort.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFD1gsVwL7PKlBZWjsRAu8XAKDb91Y2nzPurX0O8G/q3rCGsRQ92gCg4rru
qa0h03R5cpNIiGht9C67fdg=
=+oqS
-----END PGP SIGNATURE-----
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com