Overview

Extension for cryptographic proof of sender authorization that goes beyond traditional SPF/DKIM/DMARC mechanisms.

Problem Statement

Current email authentication (SPF, DKIM, DMARC) provides: - SPF: IP-based sender verification - DKIM: Message integrity and domain signing - DMARC: Policy enforcement

However, they lack: - Cryptographic proof of individual sender authorization - Chain-of-custody for forwarded messages - Real-time revocation capabilities - Granular per-user authentication

Goals

1. Provide cryptographic proof that a sender is authorized to send from an address
2. Maintain authentication through forwarding/aliasing
3. Enable real-time authorization revocation
4. Support per-user key management
5. Remain backward compatible with existing SMTP infrastructure

Use Cases

• Enterprise: Prove specific employees are authorized to send official communications
• Compliance: Cryptographic non-repudiation for regulated industries
• Anti-spoofing: Eliminate CEO fraud and domain impersonation
• Delegated sending: Authorize third-party services with revocable credentials

Status

📋 Research Phase

Next Steps

1. Survey existing proposals (ARC, DKIM extensions, etc.)
2. Design key management infrastructure
3. Define SMTP extension protocol
4. Build proof-of-concept with msgs.global relay infrastructure