-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David F. Skoll wrote:
> On Wed, 18 Aug 2004 [EMAIL PROTECTED] wrote:
>
>> Ehhh... DomainKeys can be trivially saved from this trivial defeat.
>> Just have the sending MTA create separate envelopes for each
>> recipient. Then add an X-Envelope-To: header. Finally have the MTA
>> sign each envelope independently before delivery. The
>> X-Envelope-To: header will be part of the digest.
>
>> On the receiving side, any RCPT TO: <> X-Envelope-To: invalidates the
>> DomainKey check.
>
> This then breaks forwarding, one of the advantages of DomainKeys over
> SPF.

How so? Email forwarding works, so long as the forwarding agent (say,
forwarder.example.com) signs the forwarded email with their DomainKey.
Then the ultimate recipient (or the next server in the line, to be accurate)
will be sure that the email came from forwarder.example.com.

It's up to forwarder.example.com to verify that the email really came from
originalsender.example.com - and find a way to pass that verification result
on to ultimaterecipient.example.com. I suggest an X-DomainKey-Result: Pass
header as a tool for this.

[EMAIL PROTECTED] 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
-----BEGIN PGP SIGNATURE-----
Comment: pub key http://matthew.vaneerde.com/pgp-public-key.asc
iD8DBQFBI7n4UQQr0VWaglwRAhvgAKDFyb3APQ8BHj5QetMONy24d+LtbACgkD9J
gZOQ+0MoHDeIKrGKZh0qlwI=
=LzUU
-----END PGP SIGNATURE-----
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
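
The scheme discussed in this thread, as an added sketch that is not part of the original message or of any DomainKeys implementation: each per-recipient copy is signed with X-Envelope-To inside the digest, the receiver rejects a copy whose RCPT TO differs from it, and a forwarder re-signs and records its verdict in X-DomainKey-Result. Assumptions: an HMAC secret per domain stands in for the DomainKeys public-key signature, and the key table, addresses and the X-Demo-Signature header name are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo keys. An HMAC secret per domain stands in for that
# domain's DomainKeys key pair (assumption, to stay standard-library only).
KEYS = {"originalsender.example.com": b"constructed-key-1",
        "forwarder.example.com": b"constructed-key-2"}
SIGNED_HEADERS = ("From", "X-Envelope-To", "X-DomainKey-Result")

def _digest(domain, headers, body):
    # X-Envelope-To is inside the signed data, so it cannot be rewritten.
    lines = [f"{name}:{headers.get(name, '')}" for name in SIGNED_HEADERS]
    data = "\n".join(lines + ["", body]).encode()
    return hmac.new(KEYS[domain], data, hashlib.sha256).hexdigest()

def _sign(domain, headers, body):
    # X-Demo-Signature is a hypothetical header name for this sketch.
    headers["X-Demo-Signature"] = f"{domain};{_digest(domain, headers, body)}"
    return headers, body

def sign_per_recipient(domain, sender, recipients, body):
    """Sending MTA: one independently signed copy per envelope recipient."""
    return [_sign(domain, {"From": sender, "X-Envelope-To": rcpt}, body)
            for rcpt in recipients]

def verify(rcpt_to, headers, body):
    """Receiving MTA: signature must verify and RCPT TO must match."""
    domain, _, sig = headers.get("X-Demo-Signature", "").partition(";")
    if domain not in KEYS:
        return "Fail (unknown signer)"
    if not hmac.compare_digest(sig, _digest(domain, headers, body)):
        return "Fail (bad signature)"
    if rcpt_to.lower() != headers.get("X-Envelope-To", "").lower():
        return "Fail (envelope recipient mismatch)"
    return "Pass"

def forward(domain, rcpt_to, new_rcpt, headers, body):
    """Forwarder: verify upstream, then re-sign for the next hop."""
    out = {"From": headers["From"], "X-Envelope-To": new_rcpt,
           "X-DomainKey-Result": verify(rcpt_to, headers, body)}
    return _sign(domain, out, body)
```

Because X-DomainKey-Result is covered by the forwarder's signature, the final recipient is trusting the forwarder's statement about the original sender, which is the trust relationship the reply describes.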