--On Tuesday, May 18, 2004 8:18 pm -0400 Dean Brooks <dean@???> wrote:
> Hi,
>
> Some of you may have seen this already, but I saw on news.com that
> Yahoo published a website recently about their DomainKeys message-
> signing system as their suggested (and IETF submitted) method of
> stopping spam.
>
> http://antispam.yahoo.com/domainkeys
>
> Apparantely, both sendmail and qmail are working with them on a base
> implementation.
>
> Anyone see any merit in this and have any ideas on how this could
> be plugged into Exim if it ends up going anywhere?
Hmm, they say this:
> it can be compared to the domain used by the sender in the From: field
> of the message to detect forgeries.
Which is nonsense. rfc2822 (3.6.2. Originator fields) says that the From:
field should refer to the mailbox of the AUTHOR of the message, who may not
be the sender of the message. So, it is perfectly legitimate for the From:
field to contain a domain (or several, even) that doesn't relate to the
sender.
That would require the MTA for example.co.uk to be able to verify, for
example, email addresses for example.com. Clearly, they can't easily do
that.
--
Ian Eiloart
Servers Team
Sussex University ITS
