In <[email protected]>, on 02/13/2012
at 09:36 PM, "Bank Security" <[email protected]> said:
>This makes no sense at all. DKIM and SPF do authentication right
>now. If for some reason you want authentication of the From: line,
>you know where to find Sender-ID or DMARC.
That's tied to the IP address.
>You can tell that the From: line is tied to a DNS entry, but you
>can't tell from that DNS entry whether the sender is the person who
>he claims to be, or whether his intent is to phish you or tell you
>that your bank account really is overdrawn.
We're still talking at cross purposes. I'm talking about the
posibility of the sender providing a field that contains text
encrypted with a private key and the receiver attempting to decrypt it
using a public key. I'm not addressing the issue of associating the
sender with an organization, just with his right to use the domain in
the header.
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
Atid/2 <http://patriot.net/~shmuel>
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)
_______________________________________________
marf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/marf
