On 7/8/19 6:11 PM, Valdis Klētnieks wrote:
On Mon, 08 Jul 2019 17:58:17 -0700, Michael Thomas said:
On 7/8/19 5:54 PM, Keith Medcalf wrote:
This is because DKIM was a solution to a problem that did not exist.
::eyeroll:: pray tell, how do you "always" know the identity of the MTA sending you a message? It's more subtle than that - you always know the "identity" of the purported MTA, because you know their IP address. Whether "purported" is the same as "legitimate" or "authorized" is a whole different kettle of fish....
Remember - port 25 is widely blocked precisely because there were always a plenty supply of MTAs whose identity you knew, sending you spam from consumer living rooms....
Like I said, what DKIM brought is the ability to "blame me". knowing the IP address doesn't give you that in any useful way. Recall that trust is mainly a social construct, not a technical one. Bruce Schneier has written about that endlessly. Mike