Hello, I am currently involved in a project to create an internet-draft for a domain/key based system allowing mail domains to be validated using rsa keys, distributed using the DNS system, with minimal modification to existing infrastructure. Does a specification for such a system already exist? I have many ideas for extentions to the existing SMTP protocol, as well as plans for a derivative protocol incorporating this key-based system as a more secure and verifiable method of exchanging mail. If anyone is interested, I would appreciate being contacted off-list to discuss the possible formation of a working group to discuss such ideas. Regards, James Denness On Wed, 26 May 2004, Vernon Schryver wrote: > Date: Wed, 26 May 2004 15:00:00 -0600 (MDT) > From: Vernon Schryver <vjs@xxxxxxxxxxxxxxxxxxxx> > To: ietf@xxxxxxxx > Subject: Re: spoofing email addresses > > > From: Andrew Newton <andy@xxxxxx> > > > On May 24, 2004, at 1:49 PM, Valdis.Kletnieks@xxxxxx wrote: > > > > > > In fact, there isn't any sane way to detect "inconsistent" header > > > information > > > without external hints - this is the reason why there's the SPF > > > proposal, the > > > Yahoo domain-keys proposal, and Microsoft's proposal. > > > > And MARID. > > I don't see any of those proposals and their competitors as sane. > Some of them, such as SPF, do not even meet their own design goals > as stated informally by their advocates. Others such as domain-keys > do not seem to do anything that is not already done by SMTP-TLS, despite > the goals in the I-D that seem to be closer to S/MIME. None of them > have much to do with spam, but only with a currently popular mode of > attack used by spammers. None have any hope of affecting even that > particular attack mode for years, because none can have any significant > effect until deployed on most SMTP clients. Many seem to be based on > insufficient familiarity with the nature of SMTP (e.g. SPF's incredible > source-routing scheme) and the urge to Do Something Now regardless of > actual results. > > > Vernon Schryver vjs@xxxxxxxxxxxx > > _______________________________________________ > Ietf mailing list > Ietf@xxxxxxxx > https://www1.ietf.org/mailman/listinfo/ietf > _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf