[Leaplist] DKIM good or bad for people and Linux
John Simpson
jms1 at jms1.net
Mon Feb 11 13:11:02 EST 2008
On 2008-02-11, at 1119, Sun State Martial Arts wrote:
>
> Powerful new antiphishing weapon DKIM emerges
> ...
> There's a new gun in town, and some of the Internet's most powerful
> companies -- including Yahoo <http://www.networkworld.com/news/financial/yahoo.html
> >, Google <http://www.networkworld.com/news/financial/google.html>,
> PayPal <http://www.paypal.com> and AOL <http://www.aol.com> -- are
> brandishing it in the ongoing battle against e-mail fraud.
> ...
> So the question is will something like this help the community at
> large or be more of a big guy v little guy type solution?
old news. this was originally known as "domainkeys".
the idea is this: each domain has one or more public keys, which are
shared with the world using DNS records. when a message is sent from a
domain which has a key, through a server which is legitimately allowed
to originate mail for that domain, that server adds a header to the
message which contains a cryptographic signature of the message
itself. then, anybody who has the domain's public key (i.e. anybody
who can do DNS queries) can verify that signature, which proves that
(1) the sender IS authorized to send messages from that domain, and
(2) the message itself hasn't been changed in transit.
personally, i think it's a good idea. the biggest problem is that only
a limited number of domains have created keys and are signing
messages, and even fewer of them are verifying the signatures on
incoming messages. (at the moment, my own server doesn't do either
one- one of my "when i get some free time" projects is to add
domainkeys support.)
--------------------------------------------------------
| John M. Simpson -- KG4ZOW -- Programmer At Large |
| http://www.jms1.net/ <jms1 at jms1.net> |
--------------------------------------------------------
| Hope for America -- http://www.ronpaul2008.com/ |
--------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.leap-cf.org/pipermail/leaplist/attachments/20080211/10503dc4/PGP.bin
More information about the Leaplist
mailing list