> > Backscatter for the most part is not a problem because it has a simple > > solution: Message source authentication, with varying implementations > > and degrees of success - SPF, DKIM, MTX, PGP-signatures, etc. > > Various degrees of failure would be a better description....
Ack! It good that there are attempts to solve the problem. SPF is fine so far, as the sender can decide how to block. But there are problems with forwardings if you don't use SRS. SRS is not yet built in MTA products as afaik it's not RFCed yet. For Sendmail there is an ugly socketmap solution. For Postfix you would need a milter or similar. Qmail has a pretty solution, but Qmail itself is imho just broken. Exim, I don't know. DKIM. Yeah, clever idea to sign the headers so the recipient can check the email was not altered and reject it if there is no signature (what you need to do if you want reject emails with forged from address) or those headers were altered. But: There are Mailinglists, like this very MIMEDefang List. Guess what, Subject and Reply-To Headers are signed, but they are altered by mailman. If a DKIM Signed email is sent over the Mimedefang Mailinglist and I would enable DKIM on my MTA, I would reject such emails. So DKIM realy is a NoGo! PGP is fine. But how would you filter spam with PGP unless everyone is using PGP Signatures? And that is never going to happen, so you still have to accept unsigned emails, including spam. MTX? I will have to look up what that is. Well until now I don't know any solution that works flawlessly. SMTP was just designed with a couple of flaws and we have to work around the one kind or the other and try not to break too much. Mit freundlichen GrĂ¼ssen Benoit Panizzon -- I m p r o W a r e A G - ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 07 CH-4133 Pratteln Fax +41 61 826 93 02 Schweiz Web http://www.imp.ch ______________________________________________________ _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
