The magic token has to be cryptographically tied to the contents of the original messageNo it doesn't. It has to be cryptographically tied to the mailing list's re-sending of the message. How to do that with asymmetric keys should be discussed somewhere other than on this list.
Now I'm totally confused. How does that help me as a sender distinguish between a good mailing list that is resending real mail from Yahoo and an evil mailing list that is sending phishes?
Regards, John Levine, johnl@xxxxxxxxx, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail.
<<attachment: smime.p7s>>