DomainKeys (Trademark Pending)
Yahoo! explains its DomainKeys anti-spam
proposal in detail, using pretty pictures. (Basic idea: All
messages will now be PKI-signed by the source MTA; public keys will be
stored in DNS, of all places.)
An interesting side-effect of the protocol as described in the DomainKeys
RFC is that message header order now becomes significant.
Because the headers are signed along with the rest of the message (a crucial
detail, since you want to sign the “From:” header most of all), the spec
explains that any headers that occur before DomainKeys-Signature:
are not included in the signature. (To verify a message, find the
last occurrence of this magic signature header, and then verify the signature
embedded in that header against the computed signature of all
subsequent headers plus the message body.) I don’t know of any other
usage of RFC822/2822 email that places this sort of restriction on header
ordering, and I know for a fact that there are MTAs out there
that aren’t always careful about keeping headers in sequence. (Fortunately
these all seem to be end-user mail apps, but you never know.)