Fri, 26 Aug 2016 18:50:47 -0400 Daniel Ouellet <dan...@presscom.net>
> On 8/26/16 5:37 PM, li...@wrant.com wrote:
> > 
> > Yes, these are all incomplete semi-solutions designed to do one thing,
> > and only one thing well: deliver you commercial email that you'd trust
> > is coming from the paying sender and not others that have not paid up.
> > What I'm saying is that they address corporate, not very public needs.  
> 
> I kind of disagree with this statement. I feel actually it is less
> efficient for commercial providers simply because of the number of users
> and the easy way to create an account and then assuming someone else's
> identity in forged emails.

Hi Daniel,

Of course I only insist that all of these proposals are incomplete tools.
I also kindly propose that we continue this discussion directly off list.

> Some someone having access to your mail server to send emails will get

There you lost me reading the rest of the message, sorry it's too long..
If someone has access to your server, it is you who enforces the policy.

> > https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail#Weaknesses
> > https://en.wikipedia.org/wiki/DMARC#Compatibility  
> 
> But my question for sure that I am not sure of the answer is if you have
> emails that happened to have multiple DKIM signature added to the header
> along the way.

Why would you have these, if email is not getting changed after sending?
Simply abandon the concept of changing the email message after sending..

> The answer to that question is not clear to me.

If you explain to us, why we need to have multiple signatures added then
perhaps we (you) could start getting clearer position on your question..

> Why does that make a difference, well if you run your own server and you
> control it pretty close and absolutely ONLY allow senders to use it by
> authenticating to it, then the chances of forgery are reduced as much as you
> control it to be nil if you use it just for you and are the only one
> using it, or very limited trusted friends and all.
> 
> Then the signature can be trusted, the SPF records can be trusted and
> then the DMARC can be enforced.

Done.  Then remove these flawed tools & revert to open clear text mail..
as we have it now, and anybody that needs something more: encrypt yours.

> But the choice is yours to make.
> 
> I am really NOT in favor to rewrite any header whatsoever. Or I am
> definitely not convinced of the benefit it may add yet!
> 
> > Had to cut some text, sorry for the intrusion in your message body ;-)
> > If the above links have inaccuracies, please help fix their accuracy..  
> 
> As for this, there isn't any intrusion, I am more than happy to see a
> better way to do things as fighting spam and forgery is a constant
> battle that no one can win yet in an absolute way, only reduce it some.

Advertising generates it, these same advertising companies run public
email services.  There is your answer, they propose these ideas: SPF,
DKIM, DMARC, and future-to-see more.  If marketers are getting paid..

The solution is to make it as convenient as SSH, raising malpractices
costs by making them practically unfeasible.  What we see now, is the
reverse, making it impractically complex & ubiquitous to use $GOOG's.

Kind regards,
Anton
