On Sun, 25 Jun 2006, Rear Gunner wrote:

> I just wonder, is SPF supposed to work in conjunction with DomainKeys or
> is it a competing anti-spam tool? Why is SPF better than DomainKeys?
> Isn't it better to digitally sign outgoing messages, like with
> DomainKeys? What are the pros and cons here?

Neither is an anti-spam tool. Both prevent forgery, but on different
identities. SPF protects the SMTP envelope return address (MFROM or
Return-Path). DK protects the contents and mail header. However,
you need S/MIME or PGP/MIME to authenticate the author.

They work well together. SPF can reject a forged message before receiving
the body, and should be deployed before DK where practical.

A disadvantage of SPF is that correctly checking SPF requires knowing
all forwarders you have set up. This can be a problem for many
non-technical end-users, and for email providers with non-technical
users.

Some disadvantages of DK are that it requires receiving the full message
before it can be checked, does not validate the author, only
the identity responsible for the sending MTA, and is as expensive
as S/MIME or PGP/MIME.

Both SPF and DK depend on DNS security.

If you really want to be sure a message isn't forged, use S/MIME or PGP/MIME.
If you just want to stop most forged spam (joe-jobs) and reduce bounces
to forged return paths, SPF is cheap and effective. If you want to
stop phishing (forged mail header From), use DK *and* SPF.

--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
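
An added illustration, not part of the original post and not code from the SPF or DomainKeys projects: the sketch below pulls out the three identities the reply distinguishes (the envelope return address that SPF checks, the `d=` signing domain of a `DomainKey-Signature` header, and the header From) and reports which of the first two match the third. It performs no DNS lookup and no signature verification; the function names, the sample message and all domains are constructed for the example.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the envelope sender belongs to a mailing provider,
# while the signature and header From use the author's own domain.
SAMPLE_MAIL_FROM = "bounce-123@mailer.example.net"
SAMPLE_MESSAGE = """\
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
 s=sel1; d=bank.example.com;
 b=PLACEHOLDERSIGNATURE
From: "Example Bank" <support@bank.example.com>
To: user@example.org
Subject: Account notice

Body text.
"""

def domain_of(address):
    """Lower-cased domain part of an address, or None (e.g. null sender <>)."""
    addr = parseaddr(address)[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else None

def dk_signing_domain(msg):
    """d= tag of the first DomainKey-Signature header, or None if unsigned."""
    header = msg.get("DomainKey-Signature")
    if header is None:
        return None
    tags = {}
    for part in header.split(";"):
        name, sep, value = part.partition("=")  # b= may itself contain '='
        if sep:
            tags[name.strip().lower()] = "".join(value.split())
    d = tags.get("d")
    return d.lower() if d else None

def identities(mail_from, raw_message):
    """Map each mechanism to the identity it keys on, plus From-header matches."""
    msg = message_from_string(raw_message)
    ids = {
        "spf": domain_of(mail_from),             # SMTP envelope MAIL FROM
        "dk": dk_signing_domain(msg),            # signer named in the header
        "author": domain_of(msg.get("From", "")),  # what the reader sees
    }
    ids["spf_matches_from"] = ids["author"] is not None and ids["author"] == ids["spf"]
    ids["dk_matches_from"] = ids["author"] is not None and ids["author"] == ids["dk"]
    return ids
```

For the sample, an SPF pass would vouch only for `mailer.example.net`, so a receiver reasoning about the visible From domain has to look at the signing domain as well.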