James A. Donald wrote:
In order for [DKIM] to actually be any use, the
recipient needs to verify the signature and do
something on the basis of that signature -
presumably whitelist email that genuinely comes from
well known domains.
Unfortunately, the MTA cannot reliably do
James A. Donald wrote:
In order for [DKIM] to actually be any use, ...
Anne Lynn Wheeler wrote:
so what if an isp only signs email where ...
etc, etc.
You know, we've already had all these arguments on the DKIM mailing
list about a hundred times.
It's true, just about everything that
Lynn Wheeler wrote:
recently published IETF RFC
... from my IETF RFC index
http://www.garlic.com/~lynn/rfcietff.htm
4686 I
Analysis of Threats Motivating DomainKeys Identified
Mail (DKIM),
Fenton J., 2006/09/26 (29pp) (.txt=70382) (Refs
1939, 2821, 2822, 3501, 4033) (was
James A. Donald wrote:
In order for this to actually be any use, the recipient
needs to verify the signature and do something on the
basis of that signature - presumably whitelist email
that genuinely comes from well known domains.
Unfortunately, the MTA cannot reliably do something - if
Jon Callas wrote:
Take a look at DKIM (Domain Keys Identified Mail) which does precisely
that. There is an IETF working group for it, and it is presently being
deployed by people like Yahoo, Google, and others. There's support for
it in SpamAssassin as well as a Sendmail milter.
recently
--
James A. Donald:
One way of doing this would be for the MTA to insist
on a valid signature when talking to certain well
known MTAs, and then my MUA could whitelist mail
sent from those well known MTAs
Paul Hoffman wrote:
Yes, if you are willing to throw out messages whose
At 7:02 AM +1000 9/8/06, James A. Donald wrote:
I do not seem to be able to use DKIM to for spam
filtering.
Correct. It is for white-listing. It tells the recipient (MTA or MUA)
that the message received was sent from the domain name it says it
was, and that parts of the message were not
--
Paul Hoffman wrote:
At 11:40 AM +0200 9/5/06, Massimiliano Pala wrote:
Jon Callas wrote:
On 4 Sep 2006, at 4:13 AM, Travis H. wrote:
Has anyone created hooks in MTAs so that they
automagically [sign email]
[...]
Go look at http://www.dkim.org/ for many more
details.
This
At 11:40 AM +0200 9/5/06, Massimiliano Pala wrote:
Jon Callas wrote:
On 4 Sep 2006, at 4:13 AM, Travis H. wrote:
Has anyone created hooks in MTAs so that they automagically
[...]
Go look at http://www.dkim.org/ for many more details.
This approach is MTA-to-MTA...
No, it's not. The
On 5 Sep 2006, at 2:40 AM, Massimiliano Pala wrote:
This approach is MTA-to-MTA... if you want something more MTA-to-
MUA
Not precisely. It is *primarily* MTA-to-MTA, for a number of very
good reasons, like privacy. However, a number of people will be
implementing DKIM verification in
Jon Callas wrote:
On 4 Sep 2006, at 4:13 AM, Travis H. wrote:
Has anyone created hooks in MTAs so that they automagically
[...]
Go look at http://www.dkim.org/ for many more details.
This approach is MTA-to-MTA... if you want something more MTA-to-MUA,
then you can take a look at this:
On 4 Sep 2006, at 4:13 AM, Travis H. wrote:
Has anyone created hooks in MTAs so that they automagically
sign outbound email, so that you can stop forgery spam via a
SRV DNS record?
Take a look at DKIM (Domain Keys Identified Mail) which does
precisely that. There is an IETF working group
12 matches
Mail list logo