-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Les Mikesell wrote: | On Mon, 2004-08-09 at 10:47, Dave Williss wrote: | | |>So back to the postal analogy, you'd could drop a letter in your own |>mailbox from anywhere in the world as long as you had the key. |>Although, if the authentication is done by password sent in clear text, I |>don't think I would like that option. | | | Yes, analogies are always flawed, but my point is that I don't | want aol or msn to claim, rightly or wrongly, that they control | the content of my messages even if they happen to originate | from that domain. As I understand it, that's what you get from | SPF and if people come to rely on that, it will be enforced to | make it true. | You overestimate what SPF does. All SPF-Pass means is that the e-mail came from an authorized sender for the domain in question. Aol can use SPF to say that e-mail from smtp.aol.com is from an aol user or employee, while if it comes from pool-dynamic-11-12-12-12.DSLexample.net it is unauthorized, and probably forged.
Content is beyond the scope. For content authorization or verification you need GPG, S/MIME or something similar.
- -- Daniel Taylor VP Operations Vocal Laboratories, Inc. [EMAIL PROTECTED] http://www.vocalabs.com/ (952)941-6580x203 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
iD8DBQFBF9Hc8/QSptFdBtURAj9KAJ99H+I79kMmNELbO234cajbqqYUMQCfYFq2 m0oPRy7KbCY1eM7GKOZjWwg= =nNRo -----END PGP SIGNATURE----- _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang