The issues that seem to me to still need clarification/definition are these: if my return address is not in the same domain as the "injecting" server,
then you sign the message with YOUR key, and put THAT in DNS.
I don't really know what Yahoo's going to do, but based on what I've read, in several places, I reached a similar impression as to what they're doing.
The recipient could then do the following:
* If the public key of the sender's domain validates the message, the message is authentic and should be delivered.
* If that key *doesn't* work, but that of a listed "injecting" host does, then you have a relay or third-party sender -- but you definitively *know* that, and can make decisions before attempting delivery (e.g. check the injecting host to see if it's listed in a blacklist).
I didn't get the impression that Yahoo's stuff has anything to do with the injection host. Remember, that legitimate Yahoo mail can only come out of Yahoo itself, so they can take care of signing entirely on their end.
As you indicated, this scheme will prevent someone from using their Yahoo E-mail address to send mail themselves, from their ISP. That's unfortunate, but I also agree that Yahoo wouldn't give a fsck about it. They specifically _want_ their lusers to send mail through their webmail interface, instead of their own mail programs.
And I'm optimistic that they'll explicitly specify that the domain check has to be carried out against the From: header, and not the envelope sender address (although that one can still be optionally checked). Remember that Yahoo's goal is to get rid of all the clueless wonders complaining to Yahoo about spam "From: [EMAIL PROTECTED]". I'll be disappointed if they're naive enough to believe that checking the envelope sender address is sufficient; otherwise all that's needed to nullify any value added from this enterprise is to simply use a different envelope sender address, but keep the From: header intact.
Yes, that means that the message's body will have to be received, before the message can be authenticated. That's better than nothing.
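The recipient-side decision described above (sender's domain key first, then a listed injecting host's key) and the From: header versus envelope sender point, worked through as an added example that is not the poster's code. The DNS-published keys are a constructed dictionary, and an HMAC shared secret stands in for the RSA public-key signature DomainKeys actually uses, purely so the example runs with the standard library.

```python
import hmac
import hashlib
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for keys published in DNS (domain -> verification key).
# Real DomainKeys publishes RSA public keys; HMAC is used here only so the example
# runs offline. spam.example is a domain whose DNS the spammer controls, so they
# can publish a key for it too.
DNS_KEYS = {
    "example.com": b"example-com-key",
    "relay.example.net": b"relay-key",
    "spam.example": b"spammer-key",
}

def _domain(addr):
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def sign(raw, key):
    """Sign the From: header plus body; the envelope sender is not part of the message."""
    msg = message_from_string(raw)
    covered = (msg["From"] or "") + "\n" + msg.get_payload()
    return hmac.new(key, covered.encode(), hashlib.sha256).hexdigest()

def verify(raw, signature, key):
    return hmac.compare_digest(sign(raw, key), signature)

def classify(raw, signature, envelope_sender, injecting_host, use_envelope=False):
    """Recipient decision from the post: sender's domain key, then the injecting host's key.
    use_envelope=True models the naive variant that checks the envelope sender's domain."""
    msg = message_from_string(raw)
    sender_domain = _domain(envelope_sender) if use_envelope else _domain(msg["From"])
    key = DNS_KEYS.get(sender_domain)
    if key and verify(raw, signature, key):
        return "AUTHENTIC"
    key = DNS_KEYS.get(injecting_host)
    if key and verify(raw, signature, key):
        return "THIRD_PARTY_RELAY"  # known relay; caller may check it against a blacklist
    return "UNVERIFIED"

MAIL = "From: alice@example.com\nSubject: hi\n\nHello from Alice.\n"  # constructed message

def demo():
    legit = classify(MAIL, sign(MAIL, DNS_KEYS["example.com"]), "alice@example.com", "mail.example.com")
    relayed = classify(MAIL, sign(MAIL, DNS_KEYS["relay.example.net"]), "alice@example.com", "relay.example.net")
    # Forgery: From: left intact, but envelope sender and signing key belong to the spammer's domain.
    forged_sig = sign(MAIL, DNS_KEYS["spam.example"])
    by_from = classify(MAIL, forged_sig, "x@spam.example", "mx.spam.example")
    by_envelope = classify(MAIL, forged_sig, "x@spam.example", "mx.spam.example", use_envelope=True)
    return legit, relayed, by_from, by_envelope
```

The last two results show the point of the message: checking the From: domain rejects the forgery as UNVERIFIED, while checking the envelope sender's domain accepts it as AUTHENTIC.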