Yahoo Developing Open Source Server Software For Spam-Resistant E-Mail
Julian Field
mailscanner at ecs.soton.ac.uk
Mon Dec 15 11:19:00 GMT 2003
At 11:01 15/12/2003, you wrote:
>On Fri, 12 Dec 2003 16:26:24 +0000, you wrote:
>
> >So when you get a mail without a correct domainkeys header, you know
> >absolutely nothing about its validity. You may like to think you know it is
> >not a valid Yahoo account, but you are wrong. You have absolutely no
> >information about whether it is valid or not.
>
>It also won't block spam that is injected by a compromised system using
>as from-header the domain of that system (or perhaps pulled from the
>mailer on that system).
And then there's the little matter of verifying all these domainkeys
headers. Is every vendor really going to add this feature to their mail
client? Are Hotmail and AOL going to start helping Yahoo users by verifying
the domainkeys, when it doesn't really help their users much?
I can see it being a feature that people just see the headers and assume
"it's got a domainkeys header and therefore must be valid" while never
actually bothering to check the validity because they have no way of doing
so. All the spammers add likely-looking random strings as a domainkeys
header in all the mail they send, and all you have succeeded in doing is
making every spam message a bit bigger.
Or maybe I'm just a cynical old sod and the world really is pink, fluffy
and full of people who aren't trying to make money...
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
More information about the MailScanner
mailing list