IPv6 isn't SMTP
blake at ispn.net
Thu Mar 27 19:16:48 UTC 2014
Barry Shein wrote the following on 3/27/2014 2:06 PM:
> I suppose the obvious question is: What's to stop a spammer from
> putting a totally legitimate key into their spam?
It's entirely likely that a spammer would try to get a hold of a key due
to its value or that someone you've done business with would share keys
with a "business" partner . But ideally you'd authorize each sender with
a unique key (or some sort of pair/combination). So that 1) you can tell
who the spammer sourced the key from and 2) you can revoke the
compromised key's authorization to send you subsequent email messages.
There's probably some way to generate authorization such that each
sender gets a unique key or a generic base is in some way salted or
combined with information from the individual you're giving your
authorization to such that the result is both unique and identifiable.
More information about the NANOG