[EMAIL PROTECTED] wrote on 08/18/2004 08:39:53 AM:

> Furthermore, DomainKeys is trivially defeated with a replay attack.
> Send yourself the spam through the signing server.  Now you have a signed
> spam that you can re-mail far and wide.  Of course, you can't mutate it,
> which might increase the effectiveness of DCC and the like, but it still
> means you can't *really* trust a properly-signed message.

But wouldn't this require access to an account on the domain you are going 
to claim the email is from? 

If I want a message signed by Citibank, I would need access to send a 
message from their server.  I don't have that and I'll bet most 
spammers/phishers don't either.
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
