On Wednesday, 22 November, 2017 04:47, Richard Damon <rich...@damon-family.org> wrote:
>There is a fundamental problem with the email system that it goes >back to a kinder and gentler time, and it is trivial to spoof most >mail. Including good old-fashioned snail mail of course. There is also no way to determine the "identity" of the sender of postal mail either. Both the envelope addresses and the inside addresses can be forgeries (same as they can with e-mail). In both cases only the postmark (or Received headers) are all that can be reliably determined. However, it is generally immediately noticeable if the envelope-from, inside, and signature's on snail mail are inconsistent and the postmark indicates the originating post office was is Boogaloo rather than Dumphries. This information is not commonly displayed for e-mail. SPF is the e-mail equivalent of matching the envelope-from to the sending MTA (post office). DKIM adds to this by cryptographic assurance of the inside and body to the sending MTA (post office). DMARC is simply to address the issue that DKIM signatures cannot be verified until after the recipient has taken custody of the message rather than rejecting the receipt of the message in the first place. DMARC is the electronic replacement of the old-fashioned dustbin. >SPF/DKIM/DMARC are part of the attempt to fix this, and I think the >developers of those understand they have just started. The issue is >that >some others have taken these beginnings and deployed it outside the >intended sphere where there are issues still to be resolved. _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
