On Tue, 20 May 2008, SM wrote: > Date: Tue, 20 May 2008 13:25:41 -0700 > From: SM <[EMAIL PROTECTED]> > Reply-To: dkim-milter general discussion > <[email protected]> > To: dkim-milter general discussion <[email protected]> > Subject: Re: [dkim-milter-discuss] public keys for remote sites in our DNS? > > At 12:59 20-05-2008, Jeff A. Earickson wrote: >> Are you saying that there is a fix here? Email To/From lines can >> be easily forged, ie "Joe Job". Anybody can do a DNS lookup of our >> TXT fields for colby.edu; that's why it is in DNS. If you have >> a suggested improvement or if I've got something misconfigured, >> then I am listening... > > You can either have a granularity (g= tag) to allow the provider to > sign mail from a specific email address, e.g. [EMAIL PROTECTED] > or else have them use a subdomain, e.g. @offers.colby.edu. > > The second alternative may be better from a reputation > perspective. You can also have the bounces directed to the > provider's server instead of the colby.edu mail server.
Ugh. I noticed my g=*. I followed the install README but forsook a reading of RFC4871. Thank you all for the whack over the head. Jeff Earickson Colby College ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
