[Mimedefang] sendmail spf milter plugin for sendmail 8.13.0

Matthew.van.Eerde at hbinc.com Matthew.van.Eerde at hbinc.com
Wed Aug 18 16:20:23 EDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David F. Skoll wrote:
> On Wed, 18 Aug 2004 Matthew.van.Eerde at hbinc.com wrote:
> 
>> Ehhh... DomainKeys can be trivially saved from this trivial defeat.
>> Just have the sending MTA create separate envelopes for each
>> recipient. Then add an X-Envelope-To: header.  Finally have the MTA
>> sign each envelope independently before delivery.  The
>> X-Envelope-To: header will be part of the digest.
> 
>> On the receiving side, any RCPT TO: <> X-Envelope-To: invalidates the
>> DomainKey check.
> 
> This then breaks forwarding, one of the advantages of DomainKeys over
> SPF.

How so?  Email forwarding works, so long as the forwarding agent (say,
forwarder.example.com) signs the forwarded email with their DomainKey.
Then the ultimate recipient (or the next server in the line, to be accurate)
will be sure that the email came from forwarder.example.com.

It's up to forwarder.example.com to verify that the email really came from
originalsender.example.com - and find a way to pass that verification result
on to ultimaterecipient.example.com.  I suggest an X-DomainKey-Result: Pass
header as a tool for this.

Matthew.van.Eerde at hbinc.com                      805.964.4554 x902
Hispanic Business Inc./HireDiversity.com         Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
-----BEGIN PGP SIGNATURE-----
Comment: pub key http://matthew.vaneerde.com/pgp-public-key.asc

iD8DBQFBI7n4UQQr0VWaglwRAhvgAKDFyb3APQ8BHj5QetMONy24d+LtbACgkD9J
gZOQ+0MoHDeIKrGKZh0qlwI=
=LzUU
-----END PGP SIGNATURE-----
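
The scheme discussed in this message, modelled as an added example (not code from the post, the thread, or MIMEDefang). HMAC with constructed per-domain keys stands in for the DomainKeys RSA signature and its DNS key lookup; the X-Signature header name and all function names are hypothetical.

```python
import hashlib
import hmac

# Constructed per-domain keys. HMAC is a stand-in for the RSA signature that
# DomainKeys checks against a public key published in DNS.
DOMAIN_KEYS = {
    "originalsender.example.com": b"constructed-key-1",
    "forwarder.example.com": b"constructed-key-2",
}

def _digest(domain, headers, body):
    # Every header except the signature itself is signed, so X-Envelope-To
    # (and X-DomainKey-Result, when present) is part of the digest.
    signed = "".join(f"{k}:{v}\n" for k, v in sorted(headers.items())
                     if k != "X-Signature") + "\n" + body
    return hmac.new(DOMAIN_KEYS[domain], signed.encode(), hashlib.sha256).hexdigest()

def sign_per_recipient(domain, sender, recipients, body, extra=None):
    """Sending MTA: one envelope per recipient, each signed independently."""
    envelopes = []
    for rcpt in recipients:
        headers = {"From": sender, "X-Envelope-To": rcpt, **(extra or {})}
        headers["X-Signature"] = f"{domain};{_digest(domain, headers, body)}"
        envelopes.append({"rcpt_to": rcpt, "headers": headers, "body": body})
    return envelopes

def verify(envelope):
    """Receiving MTA: check the signature, then RCPT TO against X-Envelope-To."""
    headers = envelope["headers"]
    domain, _, sig = headers["X-Signature"].partition(";")
    if domain not in DOMAIN_KEYS:
        return "Fail"
    if not hmac.compare_digest(sig, _digest(domain, headers, envelope["body"])):
        return "Fail"
    if envelope["rcpt_to"].lower() != headers["X-Envelope-To"].lower():
        return "Fail"  # validly signed, but for a different recipient
    return "Pass"

def forward(envelope, forwarder_domain, new_rcpt):
    """Forwarder: verify inbound mail, record the result, re-sign with its own key."""
    result = verify(envelope)
    return sign_per_recipient(forwarder_domain, envelope["headers"]["From"],
                              [new_rcpt], envelope["body"],
                              {"X-DomainKey-Result": result})[0]
```

In this model the final recipient learns only that forwarder.example.com signed the message; the X-DomainKey-Result value is exactly as trustworthy as the forwarder that wrote it.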


