On Thu, Nov 04, 2004 at 09:59:44AM +0100, Tollef Fog Heen wrote: > * Osamu Aoki > > | If you know easy way to avoid this problem exists, please let me know. > | (Changing ISP is certainly an option.) > > Use BSTMP to gluck. > > (If your ISP can't be whacked into turning it off/Implementing yahoo's > DomainKeys proposal, which looks fairly sane to me; > http://antispam.yahoo.com/domainkeys )
Uhm, having just read through the supplied URL, I can't agree with the sanity of the proposal. It appears to require that headers not be modified at all in transit (which means that forwarding becomes impossible), and suffers from the same problem as most mail server crypto issues -- domain names (and the associated keys) are trivial to obtain. It's just too easy to get a new domain to spam from, and rejecting mail from unknown domains reduces the system to a fancy whitelist. If the "signed headers" problem isn't as bad as I think it is, then it certainly looks saner than SPF, but the FAQ question "How does DomainKeys work with mailing lists?" give me chills (and not the good kind). Oh damn, I think I've just started the flamewar again... - Matt
signature.asc
Description: Digital signature
