But your underlying objection is correct - headers get changed and added
all the time. The question would be whether that will significantly
affect this scheme and how to deal with it. Signing a select group of
headers AND requiring MTAs that send signed messages to have those
headers present might be one way of doing it.
What I see as a problem is:
Imagine a header
X-Signature: mail.example.com; sign=439KJHD9087KJKLHKJ7LKJJLK
Now I can check back with mail.example.com and validate the sign. Fine.
A spammer can now simply use that and it will be ok for everyone.
Now I want more security. Thus I need some variable token. One
possibility would be to use a date and give messages a lifetime.
X-Signature: mail.example.com; date=20031209-23:06:17; sign=439KJHD9087KJKLHKJ7LKJJLK
Now the signature would be calculated using "mail.example.com" and the
variable part "20031209-23:06:17". If it matches "439KJHD9087KJKLHKJ7LKJJLK"
the message will be accepted. A spammer can now simply use that very
line and it will be ok for everyone, at least until some expiration
date. However, that has to be at least some days to compensate for
poorly configured hosts with wrong times or for message delays on relay
SMTP servers or the like. For a spammer it is rather easy to get a
valid line that is still valid for say 5 days: subscribe to any mailing list
and the records are delivered right to your mailbox.
Let's say that a spammer does do a replay attack. Wouldn't signing the
message (body and headers) force the spammers to be able to send
identical spams if they want them to appear to come from that domain?
Wouldn't that also mean that systems that rely on identical spam content
such as DCC, would be able to catch the spams easier?
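The following is an added example, not code from anyone in this thread, that puts the two schemes discussed above side by side: the header-only signature over the domain and the date token, and the variant that also covers the message body and a few selected headers. It assumes an HMAC with a shared key for the "check back with mail.example.com" step (the thread does not say how the verifier obtains key material), a hypothetical fixed set of covered headers (From, To, Subject), the 5-day lifetime mentioned above, and constructed sample messages. It shows why the header-only X-Signature line is accepted with any body until it expires, while the content-bound signature only verifies for a message identical to the original.

```python
import hmac
import hashlib
from datetime import datetime, timedelta, timezone

# Constructed demo key (assumption): the thread says the receiver checks back
# with the signing domain but does not specify the key material, so this
# example uses an HMAC with a shared secret.
SIGNING_KEY = b"constructed-demo-key-for-mail.example.com"
DOMAIN = "mail.example.com"
DATE_FMT = "%Y%m%d-%H:%M:%S"                # format of the date token in the thread
LIFETIME = timedelta(days=5)                # the "say 5 days" window from the thread
CLOCK_SKEW = timedelta(hours=1)             # tolerance for hosts with wrong clocks
SIGNED_HEADERS = ("from", "to", "subject")  # hypothetical choice of covered headers


def parse_signature_header(value: str) -> dict:
    """Split 'mail.example.com; date=...; sign=...' into its fields."""
    parts = [p.strip() for p in value.split(";")]
    fields = {"domain": parts[0]}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        fields[key.strip()] = val.strip()
    return fields


def canonical_content(headers: dict, body: str) -> bytes:
    """Canonical form of the covered headers plus body: lower-cased header
    names, collapsed whitespace in values, CRLF line endings, trailing
    whitespace and trailing blank lines dropped, so that harmless relay
    rewrites do not break the signature."""
    lowered = {k.lower(): " ".join(v.split()) for k, v in headers.items()}
    head = [f"{name}:{lowered.get(name, '')}" for name in SIGNED_HEADERS]
    body_lines = [ln.rstrip() for ln in body.rstrip("\r\n").splitlines()]
    return ("\r\n".join(head) + "\r\n\r\n" + "\r\n".join(body_lines) + "\r\n").encode()


def sign(domain: str, date_str: str, headers: dict, body: str, bind_content: bool) -> str:
    """Header-only scheme: MAC over domain and date token.
    Content-bound scheme: MAC over domain, date token and canonical content."""
    data = f"{domain};{date_str}".encode()
    if bind_content:
        data += b"\n" + canonical_content(headers, body)
    return hmac.new(SIGNING_KEY, data, hashlib.sha256).hexdigest()


def make_header(domain: str, date_str: str, headers: dict, body: str, bind_content: bool) -> str:
    return f"{domain}; date={date_str}; sign={sign(domain, date_str, headers, body, bind_content)}"


def verify(header_value: str, headers: dict, body: str, now: datetime, bind_content: bool) -> str:
    """Return 'ok', 'expired' or 'bad-signature' for an X-Signature value."""
    f = parse_signature_header(header_value)
    try:
        stamped = datetime.strptime(f["date"], DATE_FMT).replace(tzinfo=timezone.utc)
    except (KeyError, ValueError):
        return "bad-signature"
    if not (now - LIFETIME <= stamped <= now + CLOCK_SKEW):
        return "expired"
    expected = sign(f["domain"], f["date"], headers, body, bind_content)
    return "ok" if hmac.compare_digest(expected, f.get("sign", "")) else "bad-signature"


# Constructed sample messages: a legitimate list post and a different message
# onto which the same X-Signature line has been copied.
ORIGINAL = {"From": "alice@example.com", "To": "list@example.org", "Subject": "Meeting"}
ORIGINAL_BODY = "Hi all,\nsee you at the meeting.\n"
REPLAYED = {"From": "alice@example.com", "To": "victim@example.net", "Subject": "Cheap stuff"}
REPLAYED_BODY = "Buy now!\n"
STAMP = "20031209-23:06:17"
T0 = datetime(2003, 12, 10, tzinfo=timezone.utc)


def demo() -> dict:
    header_only = make_header(DOMAIN, STAMP, ORIGINAL, ORIGINAL_BODY, bind_content=False)
    bound = make_header(DOMAIN, STAMP, ORIGINAL, ORIGINAL_BODY, bind_content=True)
    return {
        # header-only: the copied line is accepted with any body until it expires
        "header_only_legit": verify(header_only, ORIGINAL, ORIGINAL_BODY, T0, False),
        "header_only_replayed": verify(header_only, REPLAYED, REPLAYED_BODY, T0, False),
        # content-bound: only a byte-identical message verifies, which is exactly
        # what duplicate-content filters such as DCC can then catch
        "bound_legit": verify(bound, ORIGINAL, ORIGINAL_BODY, T0, True),
        "bound_replayed": verify(bound, REPLAYED, REPLAYED_BODY, T0, True),
        "bound_identical_replay": verify(bound, ORIGINAL, ORIGINAL_BODY, T0, True),
        # either scheme rejects the line once the lifetime has passed
        "after_lifetime": verify(bound, ORIGINAL, ORIGINAL_BODY, T0 + timedelta(days=6), True),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The canonicalisation step is where the "headers get changed and added all the time" objection bites: anything a relay may legitimately rewrite (whitespace, line endings, trailing blanks) is normalised before signing, and only a fixed list of headers is covered, so an added Received: line does not invalidate the signature.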