Sure was. Yahoo first started with their directory back when it was a Stanford research project. They eventually decided they needed search, so they used this cool search engine called Inktomi. And Inktomi became the biggest search engine out there. When it came time to renegotiate their deal, Inktomi got greedy, so Yahoo dropped them and began using Altavista. And Altavista became the biggest and best search engine out there. When it came time to renegotiate their deal, Altavista got greedy, so Yahoo dropped them and began using Google. And Google became the biggest and best search engine out there. When it came time to renegotiate their deal, Google got greedy, so Yahoo dropped them and bought Overture (which had just bought Altavista and Inktomi) so they could focus on search themselves.
> Not difficult, just do a MX lookup on the current host DNS and then use the results for a SMTP host.
Why not just take the hostname from Outlook when grabbing the username password?
>the ISP should force their users to authenticate with the server, using secure SSL
Tons of ISPs only do IP authentication right now. Convincing their customers to change Outlook settings (without resulting in a support call) is a very expensive proposition. Hopefully the ISPs will open port 587 at the same time and get users to change that setting at the same time.
So you are complaining about receiving mail that you asked for? Your company contacted AOL to set this up. Go check out your settings at http://postmaster.aol.com/fbl/fblcheck.html
If you *really* want your complaints set to abuse@, then configure it that way.
By the way, AOL sends us the full headers (minus To: and From:). We have yet to find a mail that did not originate from our network, though there are certainly invalid complaints.
>Easy solution: Add the ISP's public key (found in DNS) to your DNS record. That way the lookup will find a match when comparing signature on mail and certificate on server. Not sure if this works, but it should
Umm, how is the receiver going to know to look in your DNS record? If the ISP signs it, they will put their domain as the record to look up.
I'd guess that ISPs and Mailbox providers will eventually offer services that will sign yourdomain.com mail for you -- just give them a private key for it and put the corresponding public key in DNS.
>There is almost zero cost required for operating a certifying agency beyond actually accepting the paperwork for initial registration. Thus, there is no excuse whatsoever for this being a yearly fee. Were this operated in a non-profit fashion (unlike CA), registering an email server would be a one-time processing fee.
Your version of a CA sounds exactly like a domain registrar. Why do we need another one?
Corporate IT folks give you VPNs to connect to their SMTP servers. ISPs and other servers are going to increasingly need to open up port 587 to get around port 25 blocks. Not being able to send mail through your real server is likely a very temporary problem that will be solved before sender authentication is widespread enough to drop mail.
you need a _domainkey in there:
$ host -t TXT beta._domainkey.gmail.com
beta._domainkey.gmail.com text "t=y\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC69TURXN3oNfz+G/m3g5rt4P6nsKmVgU1D6cw2X6BnxKJNlQKm10f8tMx6P6bN7juTR1BeD8ubaGqtzm2rWK4LiMJqhoQcwQziGbK1zp/MkdXZEWMCflLY6oUITrivK7JNOLXtZbdxJG2y/RAHGswKKyVhSP9niRsZF/IBr5p8uQIDAQAB"
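An added illustration, not code from the commenter or from any DomainKeys implementation: the receiver-side lookup discussed in the comments above, where the signature's own s= and d= tags name the TXT record to fetch, followed by a parse of the `host` output quoted above. The DomainKey-Signature value is constructed and the function names are hypothetical.

```python
import base64
# RECORD is the selector record quoted above (forum-inserted spaces removed); SIGNATURE is constructed.
RECORD = (
    r"t=y\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC69TURXN3o"
    "Nfz+G/m3g5rt4P6nsKmVgU1D6cw2X6BnxKJNlQKm10f8tMx6P6" "bN7juTR1BeD8ubaGqtzm2rWK4LiMJqhoQcwQziGbK1zp/MkdXZ"
    "EWMCflLY6oUITrivK7JNOLXtZbdxJG2y/RAHGswKKyVhSP9niR" "sZF/IBr5p8uQIDAQAB"
)
SIGNATURE = "a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; b=PLACEHOLDER"

def parse_tags(text):
    """Parse 'tag=value; ...' lists, accepting the '\\;' escaping that host prints."""
    tags = {}
    for part in text.replace("\\;", ";").split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    return tags

def query_name(signature):
    """The signature's s= (selector) and d= (domain) tags name the TXT record."""
    tags = parse_tags(signature)
    return f"{tags['s']}._domainkey.{tags['d']}"

def _tlv(buf, pos):
    """Read one DER element; return (tag, content_start, content_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        end = pos + (length & 0x7F)
        length, pos = int.from_bytes(buf[pos:end], "big"), end
    return tag, pos, pos + length

def rsa_modulus_bits(spki):
    """Walk a SubjectPublicKeyInfo down to the RSA modulus and return its bit size."""
    _, body, _ = _tlv(spki, 0)                 # outer SEQUENCE
    _, _, alg_end = _tlv(spki, body)           # AlgorithmIdentifier, skipped
    bit_tag, bits, _ = _tlv(spki, alg_end)     # BIT STRING wrapping the key
    _, seq, _ = _tlv(spki, bits + 1)           # +1 skips the unused-bits octet
    int_tag, start, end = _tlv(spki, seq)      # INTEGER modulus
    if (bit_tag, int_tag) != (0x03, 0x02):
        raise ValueError("p= is not an RSA SubjectPublicKeyInfo")
    return int.from_bytes(spki[start:end], "big").bit_length()

def inspect_record(txt):
    """Summarise a selector record: testing flag, key type, RSA key size."""
    tags = parse_tags(txt)
    if not tags.get("p"):
        raise ValueError("empty p= tag: key revoked or record malformed")
    key = base64.b64decode(tags["p"], validate=True)
    return {"testing": tags.get("t") == "y", "key_type": tags.get("k", "rsa"), "rsa_bits": rsa_modulus_bits(key)}
```

Calling `inspect_record(RECORD)` reports the t=y testing flag and the RSA key size, the two things a receiver would check before giving weight to a signature made with this selector.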
It's the .forward that survives, not the 'forward' button in your mail interface. If ebay sends a DomainKey signed mail to your pobox.com account, you can still prove that ebay sent it. With SPF, you can only say that pobox was the last to touch it.
>According to the article, sendmail is working on an implementation of it, for which I rejoice.
It's been available for several months
http://sendmail.net/dk-milter/
Well, crypto *will* force the zombie to go through a legit server. If it is authorized to do so, it's not a forgery. The ISP monitoring the SMTP server will have the ability to monitor the traffic, and hopefully shut down the infected machines. All that said, this is not a forgery problem -- it's a spam problem, and we all know that authentication does not solve spam (right?!). Crypto can stop forgery, but not spam.
I'd think the vast majority of MTAs reject mail rather than bounce it. The recipient system generally does not wish to consume extra resources in generating the bounce, queueing it and sending it off. So what's the problem? Viruses make the mail go through real SMTP servers, which effectively HAVE to accept the mail and make an effort to deliver it. Once it's failed to deliver, then it MUST (in the RFC sense) generate the bounce. In short I don't think it's generally the recipient MTA's fault.
If only senders implement, SPF does nothing for anyone. To be useful, receivers have to do something. Global signatures (a la DomainKeys) are as easy to implement for receivers as SPF.
> The main problem with GPG is a lack of (a) mail clients using the standard MIME method of sending GPG emails and (b) lack of a good trust mechanism.
I think in this instance, the 2 main problems are that very few MTAs are MIME aware and that GPG is an obtrusive format. Early adopters' mail will look very weird to later adopters.
s/sending domain/bounce address' domain/ very different things.
And pray that your IP addresses don't get changed!
Really? I see tons of sites using Google technology to serve ads. There has got to be revenue in supplying that technology.
> Google Local is very nice and I find it pretty original. Didn't Yahoo Local launch before Google Local?
Nah, no serious emailer either has a strict SPF record or uses it in its receive logic.
this is why people are working on DomainKeys
Isn't this called RSS?
Actually, Yahoo doesn't count the bulk folder against your disk space at all (nor the trash).
With all the port 25 blocking going on, mailbox providers will surely begin opening up the Submit port.
Or even a standard one
Well, if Google, Yahoo (who created the spec, and indicated that they would be using it shortly), and AOL (who says they will begin testing in Q1) all use DomainKeys, we probably have a de facto email authentication standard.
Sendmail says DomainKeys adds 8-15% CPU load. Doesn't sound that expensive to me.