[mail-vet-discuss] draft-kucherawy-sender-auth-header and last call draft-hoffman-dac-vbr-04
Scott Kitterman
mail-vet-discuss at kitterman.com
Fri Nov 7 17:25:03 PST 2008
On Fri, 7 Nov 2008 16:09:22 -0800 Douglas Otis <dotis at mail-abuse.org> wrote:
....
I think it's worth pointing out when considering how much to worry about
Doug's latest "SPF will melt the Internet" theory that shared MTA concerns
are directly addressed in the RFC 4408 security considerations. This is
nothing new that wasn't carefully considered during the protocol design.
I think it's reasonable to assume that implementers pay attention to RFC
security considerations. I think there are plenty of protocols that would
have security holes if their security considerations were ignored.
If a DKIM signing shared MTA were to sign a message sent by somone not
authorized to use the domain, the exact some situation arises.
Scott K
More information about the mail-vet-discuss
mailing list