Yahoo Mail Adds DomainKeys Authentication
Posted by malebolgia on 15 November 2004 - 15:55 · 8 comments & 2138 views
About the Author
Full name: Unknown
Forum name:
malebolgia
Contact: via forum PM
Submissions: Normal · Headline
Full name: Unknown
Forum name:
malebolgiaContact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google- Advertisement
-
-
(2 replies)
#1 Posted by Billprozac on 15 Nov 2004 - 16:40
- Geez, could we all just agree on one method and have everyone adopt it!
-
#1.1 Posted by Jugalator on 15 Nov 2004 - 16:58
- They're on the way -- two major mail providers now use this: Google and Yahoo.
This move was pretty expected since AFAIK, it's a technology from Yahoo that Google were just early adopters of.
This is great, I can only hope it becomes a kind of de facto standard.
We need some way to identify the true sender of mails, pretty obvious really.
I hope Microsoft is next with Hotmail. -
#1.2 Posted by kitchenutensils on 15 Nov 2004 - 18:22
- sorry but hotmail's about to adopt SenderID... not domainkeys; like the new dvd formats we'll have to see which one flattens out.
-
#2 Posted by Matt500 on 15 Nov 2004 - 16:57
- At least they are trying
-
#3 Posted by NXTwoThou on 15 Nov 2004 - 18:31
- Unfortunately, DomainKeys is going to leave a lot of people out in the cold. I know the mail server software that my company uses has already stated they aren't going to implement this as its a lot more work than the SPF/SenderID stuff(which, they still aren't going to implement, but, its not big deal if they don't, as without implementing it, it doesn't cripple us from sending or receiving mail(we just have to make a few entries in our dns entry to indicate that our ip addies are authorized to send for the domain)).
I think that's the part that bugs me about DomainKeys...its reliant on everyone changing software...
-
(2 replies)
#4 Posted by FireRabbit on 15 Nov 2004 - 19:48
- I like this approach alot more than SPF/SenderID. Digital signatures are alot more reliable than any sort of IP-based verification, and much more flexible. For example, if someone (like me) runs a mail server from their home who's IP Address changes every so often they would not need to make any addional DNS changes (other than MX) to keep email working. Under SPF if I understand correctly, the TXT record stornig the SPF data would have to be updated for the new IP address.
And I don't know what kind of company thinks this is too much work to implement. Digital signing+verification is extremely simple with all the high-level APIs people have developed, especially in the .NET Framework (System.Security.Cryptography). Here's a C# implementation of DomainKeys that looks like fewer lines of code than the RFC.
http://mmmservices.web.cern.ch/mmmservices/Antispam/DomainKeysLibrary.aspx
I hope this gets implemented. I don't see anything that would prevent this and SPF from co-existing, but I do agree it would be nice if everyone agreed on a standard. -
#4.1 Posted by NXTwoThou on 15 Nov 2004 - 22:22
- I use Mercury Mail. So far, I get the impression that the general stance is that until there's a unified standard, its not worth coding every proposal that comes around.
DomainKeys has been mentioned a few times in the past few months in the mercury mailing list, some of the reasons people have against DomainKeys is that mailing lists and relaying through your ISP would no longer work. Some are also concerned about the processing penalty of generating the hash.
DomainKeys = Extra processing on everyones mail servers to generate the hash as mail goes out. Everyone has to support the standard, or it doesn't work. Last implementation I'd read showed that the headers are included as part of the hash, meaning that it can't be used for listservs or isp relaying.
SPF = Extra processing only on the machines receiving mail that want to filter based on SPF. Default for someone without a SPF record is that they don't care who uses that domain name for the from address. If someone wants to restrict access to their property(domain name) they simply tighten their SPF record.
As for SPF for your situation, when you make your MX change, make your TXT change, they are both stored in the same place... Or if you have an automatic method that currently changes your MX(and there is no support for changing TXT records), simply make your SPF record have a broad range of available addresses(x.x.x.???)
The one advantage of DomainKeys over SPF is that it protects against ip spoofing. -
#4.2 Posted by FireRabbit on 16 Nov 2004 - 00:51
QUOTE
DomainKeys has been mentioned a few times in the past few months in the mercury mailing list, some of the reasons people have against DomainKeys is that mailing lists and relaying through your ISP would no longer work. Some are also concerned about the processing penalty of generating the hash.
QUOTE
DomainKeys = Extra processing on everyones mail servers to generate the hash as mail goes out. Everyone has to support the standard, or it doesn't work. Last implementation I'd read showed that the headers are included as part of the hash, meaning that it can't be used for listservs or isp relaying.
QUOTE
As for SPF for your situation, when you make your MX change, make your TXT change, they are both stored in the same place... Or if you have an automatic method that currently changes your MX(and there is no support for changing TXT records), simply make your SPF record have a broad range of available addresses(x.x.x.???)
By supporting DomainKeys on its own service, Yahoo hopes to jump-start broader adoption of its answer to stemming the rise of spam and phishing attacks through e-mail. Online attackers regularly send unsolicited e-mails and lure consumers into clicking malicious links or providing personal information by disguising their e-mail addresses with the domains of major consumer companies. "By implementing and deploying DomainKeys, we're showing that the cryptographic solution is not only the long-term answer but today's answer as well," said Miles Libbey, anti-spam product manager for Yahoo Mail.
The major problem of efficient web surfing is organizing favorites and managing links to the web sites we have visited and found to be of interest to us. It is a well known fact that finding the web site that meets our needs and re-visiting it is much more effective than searching the web each time. With growing number of high quality online services it becomes almost impossible to keep the link information well-organized and easy to use. Browser favorites and bookmarks in most cases are not enough to represent complex information exchange models of a human being.
At this point, many of us realize that an application capable of organizing, cataloguing, sorting and synchronizing web links may save the day. But where do we find the one and only solution that would take the browsing headaches away?
Introducing Link Commander by Resort Labs, the unique fully automated links management solution that allows you surf the web easily and visit the places you want to visit, exactly when you need to!
Link Commander integrates with your web browser(s), automatically importing all your current favorites and bookmarks into a links collection. Once this is done, you can organize your links into groups, sort them basing on extensive set of criteria, set individual link verification options and even browse the web right from the application!
The program features convenient classic two panel interface available in five different visual styles and localized to several languages.
Besides link management convenience, Link Commander is capable of password-protecting either entire collection or selected folders only. Another great feature of this application is collection backup and comparison of current and backup copies, which is very useful when you want to synchronize links on home and office PCs. You can also share your links collection with anyone who has an e-mail address.
So why wait any longer? Download FREE 30-days trial version today and see how convenient web browsing can be!