>> That no workable envelope-level DKIM equivalent has materialized to >> date is unfortunate. >> >> Not for lack of trying, but I just don't see how you could prevent bad >> guys from replaying good envelopes on bad mail. > >Yeah. Short-lived keys is the best thing I can come up with. > >Do you think it's worth a shot?
Probably not. BATV is about 2/3 of what a scheme like that would be. It has a bounce address with a signature hash of the original bounce address and a timestamp, with its main limitation being that it uses a private key rather than public key signature, which would be straightforward to add. It works well for me, but people say it causes problems due to changing bounce addresses for the same correspondent (a surprising amount of software keys on bounce address) and local parts longer than 64 characters, a limit that some MTAs still enforce. To limit replays, it could include both the bounce and recipient addresses in the hash, but that would recreate much of what's wrong with SPF. So unless you have a truly brilliant way to solve all these problems (we can always hope), I don't see any point to going down this road again. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
