Yahoo Developing Open Source Server Software For Spam-Resistant E-Mail

Julian Field mailscanner at ecs.soton.ac.uk
Fri Dec 12 16:26:24 GMT 2003


Unfortunately it suffers from the same problem affecting pretty much all
such systems being mooted at the moment.

They seem to think that
    a ==> b
is the same as
    not a ==> not b
(where "==>" is "implies")

The presence of a correct version of this domainkeys header does indeed
imply that the message came from a Yahoo server. But plenty of mail from
perfectly valid Yahoo accounts is not sent from Yahoo servers. I, for
example, send mail from "jules at mailscanner.info" from servers belonging to
"ecs.soton.ac.uk". And I send mail from "mailscanner at ecs.soton.ac.uk" from
servers belonging to BT Openworld.

The lack of a correct Yahoo domainkeys header does *not* imply that the
mail is not from a perfectly valid Yahoo user.

So when you get a mail without a correct domainkeys header, you know
absolutely nothing about its validity. You may like to think you know it is
not a valid Yahoo account, but you are wrong. You have absolutely no
information about whether it is valid or not.

The press don't appear to understand this, and the companies' marketing
teams don't either. They are trying to sell systems which are next to useless.

Just my 2p worth...

At 16:05 12/12/2003, you wrote:
>It's not going to limit spam, but I think it's a step in the right
>direction. It will also take some significant cpu power to handle the
>DomainKeys, but it will certainly be nice to be able to trust that mail
>FROM Yahoo.com and any other often impersonated domain that implements
>this system actually came FROM that domain. It will also have the effect
>of making domain whitelists (allow *.mydomain.com) very useful.
>
>Ken
>Pacific.Net
>
>
>Tristan Rhodes wrote:
>
>>Since we were talking about AOL's anti-spam tactics, here is some info
>>about Yahoo.
>>
>>"The company is developing code, called DomainKeys, that's compatible
>>with Sendmail and qmail, two popular E-mail transmission programs known
>>as message transfer agents. It anticipates release sometime next year.
>>DomainKeys will use public key cryptography to digitally sign outgoing
>>messages to reassure a public now suspicious of E-mail."
>>
>>http://www.linuxpipeline.com/news/showArticle.jhtml;jsessionid=HY12EQWM4BORKQSNDBCCKHY?articleId=16700123
>>
>>What do you think of this strategy?
>>
>>Tristan
>>

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
