David wrote:
>> Ultimately I believe the only real long-term solution will be something
>> based on the PGP web-of-trust (i.e. not just the model but the actual
>> existing keyserver infrastructure and existing authentication
>> mechanisms) but done at the MTA-to-MTA level such that postmasters can
>> measure the level of trust their mailers have of their connecting peers
>
>
> I've been also thinking about it after i saw some email messages with
> a PGP-Signature header. It will be easy to add a special header with
> a PGP signature added by the mta (isp) and check it. This is close to
> DomainKeys but as you noted it bennefits of the existing
> infraestructure. Nevertheless this requires to accept the whole message
> body before any decision could be taken, which solves only a part of
> the spam problem. A method to take decisions before DATA is also need
> to address the bandwith usage problem.
Standard for PGP/GPG signature header is used for some time for signing usenet
control messages:
ftp://ftp.isc.org/pub/pgpcontrol/README.html
It can be used to sign message body and sender chosen headers.
One improvement recommended in discussion about it in news:comp.mail.sendmail
was to add to make signature verifiable even when body footer is added (e.g.
by mailing list software).
IMHO Adopting long existing standards is a good protection against dubious
claims of IP/patent violations.
--
Andrzej [en:Andrew] Adam Filip anfi@??? anfi@???
Home Page
http://anfi.homeunix.net/ [ PageRank 6 ]