> As each message is injected into the "public" internet by an SMTP server,
> that message is signed with a private key controlled by whoever owns the
> injecting domain.
>
> From that point on, anyone can query the DNS for that domain and get a
> public key; if the public key doesn't "unlock" the message, it *is* forged,
> and can be immediately dropped.  SPF can only suggest that it might be
> forged, and use that information to feed into subsequent filters; Yahoo's
> scheme is authoritative.  Further, using SPF, every stage (relaying or
> forwarding) must provide SPF sender verification; otherwise there is no
> benefit.  Using Yahoo's crypto scheme, you can copy the message onto a
> floppy disk and hand-carry it around and at the other end you can still
> authenticate the message.

Like signing an email with S/MIME? I do that 90% of the time, if only mail 
servers checked these signatures... Maybe if I put my public key in a TXT.

SPF can specify domains that cannot send emails as well. It's interesting, but 
it does have flaws at the moment.
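
The contrast drawn in the quoted text, as an added example that is not part of the original thread: a signature check needs only the message and the domain's published key, while an SPF-style check depends on which host delivered it. Toy textbook RSA stands in for the real scheme's signing (its header format and canonicalization are not modelled), and the domain, IP addresses and DNS tables are constructed.

```python
import hashlib

# Toy textbook RSA (no padding) built from two known Mersenne primes;
# constructed for illustration only and far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the sending domain

# Constructed stand-ins for DNS: a public key record and SPF-style allowed senders.
DNS_KEYS = {"example.org": (N, E)}
SPF_ALLOWED = {"example.org": {"192.0.2.10"}}

def digest(message: bytes) -> int:
    """Hash the message and reduce it into the RSA modulus range."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes) -> int:
    """Done once, by the SMTP server that injects the message."""
    return pow(digest(message), D, N)

def signature_ok(domain: str, message: bytes, sig: int) -> bool:
    """Needs only the message, its signature and the domain's published key."""
    key = DNS_KEYS.get(domain)
    if key is None:
        return False
    n, e = key
    return pow(sig, e, n) == digest(message)

def spf_ok(domain: str, connecting_ip: str) -> bool:
    """Path-based: depends on which host handed the message over."""
    return connecting_ip in SPF_ALLOWED.get(domain, set())

def evaluate(domain: str, message: bytes, sig: int, connecting_ip: str) -> dict:
    """Run both checks for one delivery attempt."""
    return {"signature": signature_ok(domain, message, sig),
            "spf": spf_ok(domain, connecting_ip)}

# Constructed sample message, signed at injection time.
MSG = b"From: alice@example.org\r\nSubject: hello\r\n\r\nSee you at noon.\r\n"
SIG = sign(MSG)

if __name__ == "__main__":
    altered = MSG.replace(b"noon", b"nine")
    print("direct   ", evaluate("example.org", MSG, SIG, "192.0.2.10"))
    print("forwarded", evaluate("example.org", MSG, SIG, "198.51.100.7"))
    print("altered  ", evaluate("example.org", altered, SIG, "192.0.2.10"))
```
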


