
[spf-discuss] Re: RPF explanation and examples

2006-11-16 17:31:01
Stuart D. Gathman wrote:
> On Thu, 16 Nov 2006, Julian Mehnle wrote:
> > Well, not really.  If all mail was getting checked for known and
> > trusted PGP/S/MIME signatures (i.e., trusted by the individual
> > end-user), SPF and all that other trouble wouldn't be necessary.
>
> So you would never accept email from a stranger?

OK, perhaps not strictly require a trusted signature.  But at least 
strongly demote incoming mail that doesn't have one.  Just like DKIM keys 
can be assigned with an individual granularity, PGP/S/MIME keys can be 
assigned with a domain granularity, and messages can be signed with 
multiple keys (one per domain, and one per author), so domain association 
could still be determined (which is important for bounces), even if you 
don't trust the domain or the author.

But going into the point you made:  Yes, I think eventually there's no way 
around the AGUPI (assumed guilty until proven innocent) principle.
I hadn't accepted that for a long time (I even disputed Meng when he 
started promoting the idea), but now I think that reputation systems will 
eventually have to become so radical as to effectively become AGUPI.  
Strangers will have to get introduced to me through some way or another 
(and be it accreditation).
