[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debian.org e-mail address and SPF/SRS

On Thu, Nov 04, 2004 at 09:59:44AM +0100, Tollef Fog Heen wrote:
> * Osamu Aoki 
> | If you know easy way to avoid this problem exists, please let me know.
> | (Changing ISP is certainly an option.)
> Use BSTMP to gluck.
> (If your ISP can't be whacked into turning it off/Implementing yahoo's
> DomainKeys proposal, which looks fairly sane to me;
> http://antispam.yahoo.com/domainkeys )

Uhm, having just read through the supplied URL, I can't agree with the
sanity of the proposal.  It appears to require that headers not be modified
at all in transit (which means that forwarding becomes impossible), and
suffers from the same problem as most mail server crypto issues -- domain
names (and the associated keys) are trivial to obtain.  It's just too easy
to get a new domain to spam from, and rejecting mail from unknown domains
reduces the system to a fancy whitelist.

If the "signed headers" problem isn't as bad as I think it is, then it
certainly looks saner than SPF, but the FAQ question "How does DomainKeys
work with mailing lists?" give me chills (and not the good kind).

Oh damn, I think I've just started the flamewar again...

- Matt

Attachment: signature.asc
Description: Digital signature

Reply to: