What do you need it for? My understanding is that it would be something like:
- Receive message - Extract signature - DNS.lookup(sender.domain,"MXKEY"); - Verify signature
And the last step: contact a service to see if the server is known to send spam. If it's on the list, refuse the email. Maybe here's a possible scenario:
1. spammer buys cert
2. spammer sends out 1 million emails
3. spammer gets blocked same day
4. if spammer bought < 20 certs, goto 1
5. verisign gets suspicious said spammer bought 20 certs over the past 20 days. Maybe the cert authority could stop issuing certs to the spammer.
It's light on detail, but maybe there is a way...
DomainKeys is being described as fighting spam, but really I think that's more for publicity. It strictly addresses SMTP identity theft, which then makes spam prevention techniques possible, such as the one you suggest.
The best thing (IMO) this will do is prevent emails from PayPal saying click here to type your credit card, or Microsoft has hand delivered this patch to you, or AOL users need to enter their password here. Whether you feel a business has a right to send you a promotion is at least a gray issue to some, but fraud is a bit more clear cut.
-- Serge Knystautas President Lokitech >> software . strategy . design >> http://www.lokitech.com p. 301.656.5501 e. [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
