
Re: debian.org e-mail address and SPF/SRS



* Matthew Palmer 

| Uhm, having just read through the supplied URL, I can't agree with the
| sanity of the proposal.

| It appears to require that headers not be modified at all in transit
| (which means that forwarding becomes impossible),

Uhm, which headers are modified by a forwarding agent?  New headers
can be prepended just fine, and you don't have to sign all the
headers.

| and suffers from the same problem as most mail server crypto issues
| -- domain names (and the associated keys) are trivial to obtain.
| It's just too easy to get a new domain to spam from, and rejecting
| mail from unknown domains reduces the system to a fancy whitelist.

It gives you traceability and it can be used to prevent joe-jobs.
It's not a silver bullet solution against spam.

| If the "signed headers" problem isn't as bad as I think it is, then it
| certainly looks saner than SPF, but the FAQ question "How does DomainKeys
| work with mailing lists?" gives me chills (and not the good kind).

Which mailing list systems do you know of that change headers and
don't claim the message (basically using themselves as the envelope
sender)?  I can certainly imagine there being such beasts out there,
but most of the larger ones certainly don't, as they would then have
no way to catch bouncing members.

-- 
Tollef Fog Heen                                                        ,''`.
UNIX is user friendly, it's just picky about who its friends are      : :' :
                                                                      `. `' 
                                                                        `-  
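
The following is an added example, not part of the original message and not DomainKeys code: a simplified model of signing a chosen subset of headers, showing that a prepended Received header leaves the signature valid while an in-place rewrite of a signed header does not. The HMAC key, the header selection and the sample message are constructed assumptions; the real scheme uses an RSA key pair with the public half published in DNS.

```python
import hashlib
import hmac
from email import message_from_string

# Constructed stand-in for the signing domain's key; the real scheme uses an
# RSA key pair with the public half published in DNS.
DEMO_KEY = b"constructed-demo-key"
SIGNED_HEADERS = ["From", "To", "Subject", "Date"]  # assumed selection

# Constructed sample message.
ORIGINAL = """\
From: alice@example.org
To: bob@example.net
Subject: Meeting notes
Date: Mon, 01 Jan 2024 10:00:00 +0000

See you at ten.
"""


def sign(raw, names=SIGNED_HEADERS):
    """Return a hex MAC over the named headers (in order) plus the body."""
    msg = message_from_string(raw)
    mac = hmac.new(DEMO_KEY, digestmod=hashlib.sha256)
    for name in names:
        mac.update(f"{name.lower()}:{(msg[name] or '').strip()}\r\n".encode())
    mac.update(msg.get_payload().encode())
    return mac.hexdigest()


def verify(raw, signature, names=SIGNED_HEADERS):
    """Recompute the MAC over the same header subset and compare."""
    return hmac.compare_digest(sign(raw, names), signature)


def forward(raw):
    """A forwarding hop prepends a trace header and changes nothing else."""
    received = "Received: from mx.example.org by relay.example.com; Mon, 01 Jan 2024 10:00:05 +0000\n"
    return received + raw


def retag_subject(raw):
    """A list that rewrites a signed header in place without re-signing."""
    return raw.replace("Subject: Meeting notes", "Subject: [list] Meeting notes")


if __name__ == "__main__":
    sig = sign(ORIGINAL)
    print("forwarded copy verifies:", verify(forward(ORIGINAL), sig))
    print("retagged copy verifies:", verify(retag_subject(ORIGINAL), sig))
```
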