On 19 Aug 2004 at 23:20, Jose Marcio Martins da Cruz wrote: > The only thing DomainKeys is to tell : "OK ! This is a message sent by > my domain".
No, it doesn't do that. The only thing DomainKeys does is say "this message has some random user-generated text (the From: header) with my domain name". It may have come from *anywhere*, as David outlined: 1. Send yourself a message from Yahoo to someplace else so you get a message signed with DomainKeys. 2. Feed the resulting received e-mail with *no* changes that alter the signature into the SMTP pipeline (which sends based on envelope recipient)...forge the envelope sender, of course. You can use almost any very simple script to do this. 3. Watch as Yahoo gets berated because "this junk came from you...I verified it with the tool you designed!" -- Jeff Rife | SPAM bait: | http://www.nabs.net/Cartoons/ShermansLagoon/OtherWhiteMeat.jpg [EMAIL PROTECTED] | [EMAIL PROTECTED] | _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
