On Thu, 16 Nov 2006, Stuart D. Gathman wrote:
On Thu, 16 Nov 2006, Julian Mehnle wrote:
Well, not really. If all mail was getting checked for known and trusted
PGP/S/MIME signatures (i.e., trusted by the individual end-user), SPF and
all that other trouble wouldn't be necessary.
So you would never accept email from a stranger?
In other words, any spammer can create a private key, just like they
can publish an SPF record.
SSL style email certs can be signed by a certificate authority with just
a working email address and a credit card. At the end of the day, you'd
know only that the registered email was responsible for the spam. Not
much better than what SPF tells you about the domain responsible. More
secure - but much heavier and can't be evaluated in the SMTP envelope.
It is certainly the way to go to be sure an email comes from someone who
knows the private key to a known public key.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735