spam being sent using my domain

Corey Edwards tensai at zmonkey.org
Fri Jan 26 09:26:28 MST 2007


On Thu, 2007-01-25 at 21:46 -0700, Von Fugal wrote:
> Ah turkey, now I feel silly.
> I have heard of domainkeys but never really read up on it. I also seem
> to recall several people speaking ill of it. Maybe I'm thinking of
> S/MIME.
> Anyway, I was thinking of something a bit simpler. Signing a few select
> headers would be sufficient. For example From:/Sender:, To: and Date:

Signing just the headers would be naive. All it would tell you is that
the headers originated from that domain. It says nothing about the
content because you could alter, remove, or destroy the content without
affecting the signed portion. You really have to sign the body as well.

As with most things cryptographic, coming up with a new standard is
rarely more secure or simpler than sticking with the tried and true.
Domain Keys may be a relative newbie on the block, but it does have wide
exposure and in theory should be more robust because of it.

Corey





More information about the PLUG mailing list