Hi David, DKIM is one of at least 3 different serverside email verification protocols - the other lesser one is SenderID aka CallerID from Microsoft, and the really big one is SPF. Yahoo and gmail are the only people doing DKIM that I know of (check your own gmail headers - you can see it in there: DomainKey-Signature: a=rsa-sha1; q=dns; ...
S/MIME is better than all the above, since it's client-side instead of serverside (cannot be spoofed by other users of the same ISP or webmail provider) - but S/MIME itself relies on some earlier "click here to confirm you own this email address" check, none of which probably use SPF/DKIM/SenderID OpenPGP is like S/MIME - but without any address verification (unless you can find a root CA who signs OpenPGP keys? I guess some do) Spamassassin is a free tool which can check all these things, so it's a no-brainer to require valid SPF/DKIM/SenderID - or at least reject when spoofed SPF/DKIM/SenderID is found. Kind Regards, Chris Drake _______________________________________________ dix mailing list [email protected] https://www1.ietf.org/mailman/listinfo/dix
