Tony Finch wrote:
>>I'm just trying to mull over in my mind why this would be so much better
>>then http://spf.pobox.com/.
>
> You seem to have missed the fact that SPF breaks existing working
> legitimate setups.
DomainKeys also does. If I read the proposal right, a server isn't
allowed to add any header after the DomainKeys-Signature: header.
Well, exim does. Imagine a forwarding service, with spam-scanning, which
adds headers. Boom, DomainKeys will fail to verify the mail.
Also, what stops spammers/phishers from sending mails without a
DomainKeys-Signature header? Yes, the mail is treated as unverified
then, but, does ANYONE really believe that this will make a difference
in the way a user handles this mail? A server can't reject the mail in
such a case, as you can't tell if the mail should have a signature or not.
Nico
