Gmail Begins Signing Email with DomainKeys
NW writes "According to a post at IETF's MAIL-SIG list, Google has begun to sign outgoing email from Gmail with Yahoo's DomainKeys signatures. This is the first large provider of email that is actually doing so (not even Yahoo has started that yet)."
Will it ever catch on? If enough people implement and use it, then yes.
Why not? If Google can grow to be numero uno in free webmail providers, that in itself will be a strong convincing factor.
The thing I like about Google - they do good things which forces other companies to follow them. Take search, for instance. Other companies had such horribly cramped search interfaces and ads, until Google came up with a clean and mean interface.
Now everyone - Yahoo!, Altavista, MSN Search - follow's Google's example.
I'm sure that if Gmail was to pick up momentum, the sheer number of users and need for interoperability would kinda force others to follow suit.
All these other providers had the means and the option, but did not do so. MS has so much funds and Hotmail in itself is responsible for a good chunk of spam - if MS had taken this stance, they could easily force other providers to adopt this technology and help decrease spam in the process.
But no.
_This_ is why I like Google. Way to go, guys.
I don't see how it's any better than SPF?
In fact, it could be worse since now a calculation is required to verify the sender in addition to the DNS query.
Anybody care to enlighten me?
No sig
Alright, I DID RTFA, and basically what this describes is just another way to authenticate that the user is from that domain. Isn't that the same thing SPF does? They both seem to accomplish the same task, but SPF appears to be easier to manage and easier to support. My personal (commercial) mail server already supports SPF, sendmail et al. support it (via external component), and my Barracudas (awesome product!) are beta testing spf support right now.
Oh yeah, and gmail already support SPF. Why promote different standards that are apparently identical in purpose?
If you are out to describe the truth, leave elegance to the tailor - Albert Einstein
I have a web domain mainly to receive e-mail.
When I send mail, I use my domain in the "from."
However, my domain provider doesn't allow smtp, so my outgoing mail is through my ISP.
If my ISP supports domain-keys, they will sign my outgoing mail, but it will NOT match my totally-legitimate "from."
According to the domain-keys summary, this would flag my mail. In medical terms, this is called a false-positive.
How does domain-keys prevent something like this from being a problem, other than by forcing users to adopt a completely different e-mail stragegy?
You forgot:
7. Yahoo is suggesting a solution that *should* have been the first thing everyone tried. Inventing complex new mail records is just silly.
Javascript + Nintendo DSi = DSiCade
That's all well and good, but, assuming this thing takes off, did you see this bit in the FAQ's?
"However, it is possible that Certificate Authorities may become a valuable addition to the DomainKeys solution to add an even greater level of security and trust."
So, to extend the "SUSPECT" folder, are we eventually going to find ourselves in the position where we all have to pay a CA simply to avoid having mail from private domains being bounced by big/wealthy/corporate providers.
This would suck, I have about 20 domains that I serve mail for, a couple of commercial ones, but mainly domains for friends, myself etc. At 50 odd dollars a throw, that'd be $1000 dollars a year.
Don't get me wrong, public verification would be nice in certain circumstances, but I can't see how this would happen without incurring considerable cost, after all, what you are paying for (in theory) is for someone else to verify you are who you say you are - this is a service that quite rightly is chargeable.
To go one step further, it would also (once more, in theory - in my experience the checking done for CA signed certs is non-existent/trivial to circumvent) reduce the anonymity and privacy on the net that we all value so highly - at least as far as email is concerned.