spam being sent using my domain

Jonathan Duncan jonathan at bluesunhosting.com
Fri Jan 26 11:20:14 MST 2007


On Fri, 26 Jan 2007, Corey Edwards wrote:

> On Thu, 2007-01-25 at 21:46 -0700, Von Fugal wrote:
>> Ah turkey, now I feel silly.
>> I have heard of domainkeys but never really read up on it. I also seem
>> to recall several people speaking ill of it. Maybe I'm thinking of
>> S/MIME.
>> Anyway, I was thinking of something a bit simpler. Signing a few select
>> headers would be sufficient. For example From:/Sender:, To: and Date:
>
> Signing just the headers would be naive. All it would tell you is that
> the headers originated from that domain. It says nothing about the
> content because you could alter, remove, or destroy the content without
> affecting the signed portion. You really have to sign the body as well.
>
> As with most things cryptographic, coming up with a new standard is
> rarely more secure or simpler than sticking with the tried and true.
> Domain Keys may be a relative newbie on the block, but it does have wide
> exposure and in theory should be more robust because of it.
>
>

Here is a page that gives a brief overview of some of the different 
anti-spam solutions:

http://www.openspf.org/Related_Solutions

Jonathan



More information about the PLUG mailing list