--On Tuesday, August 27, 2002 9:01 PM -0700 David Schwartz <davids@webmaster.com> wrote:
Your secure mail server (i.e. me) just has to be named in a MAIL-FROM MX record. We do DNS for some of our customers, and can add this trivially; the others control their own zones. Works for me.
How would this stop the destination mailservers from rejecting the mail forwarded by the secure server? Remember, the situation is that I don't trust my ISP to see my outbound mail (because that's where warrants are likely to be served or interception hardware would likely be surreptitiously inserted). So I don't want my outbound mail passing through my ISP unencrypted.
Given this extraordinary requirement, either you wouldn't be my customer, or you'd better encrypt at the endpoint (though pipes leak best out the ends). Or you can pony up the money for your own host on a dedicated circuit so _it_ can be in the MAIL-FROM MX for your domain (of course you'll need your own domain), and then you and your ISP can argue about traffic analysis and acceptable use. Still doesn't fundamentally break the proposal in hand, it seems to me. You always get to not publish the repudiating information if you don't want people to use it.