> > One thing that bugs me is why we must now implement domainkeys on top > > of SPF. SPF pretty much does everything domainkeys does but simpler. > > Because SPF is a broken hack that doesn't properly accomodate the > forwarding of email without the use of other complicating hacks > such as SRS which mangle the sender address. > > SPF should have been scrapped years ago. Instead, most large > organizations use "?all" in their SPF entry (typically because of the > forwarding problem), putting SPF in advisory mode which negates the > whole purpose of having it anyway. > > DomainKeys at least provides a solution for the original problem; the > ability to determine whether an email came from a mail server that > was authorized to send from that domain, -and- the ability to embed > that signature into the message itself rather than relying on only the > source IP address to give that information. > > Everyone has different opinions on the usefulness of SPF, but the > reality of it is, DomainKeys solves the entire problem. SPF doesn't.
Where does DKIM fit in all this? Could Exim compile it in without the license restrictions of domainkeys? I use Directadmin which is based on exim and dovecot. http://wiki.exim.org/DomainKeys http://wiki.exim.org/DKIM Matt
