Yahoo! Mail Now Using Domain Keys To Fight Spam

scubacuda points out this CNET story, writing "In addition to beefing up its storage (100MB -> 250MB), Yahoo! Mail has implemented Domain Keys to find spam. The idea is simple: give email providers a way to verify the domain and integrity of the messages sent. Sendmail, Inc. has released an open source implementation of the Yahoo! DomainKeys specification for testing on the Internet and is actively seeking participants and feedback for its Pilot Program. Yahoo! has submitted the DomainKeys framework as an Internet Draft, titled 'draft-delany-domainkeys-base-01.txt,' for publication with the IETF (Internet Engineering Task Force). The patent license agreement can be found here."

Patents and Standards ....

[Gopal.V]

If it gets accepted as an RFC standard, I think we all deserve a royalty free patent grant :)

Or even better a patent grant for code under "OSI approved" licenses ... (*wishful thinking*)

Seems to be a very nice Public key based system using standard RSA algorithm too . But I still want my ogg streams over DNS ... not just Domain public keys :)

Re:Licence

[pe1rxq]

Its a bit like the BSD with advertising license...
(Although only in source & object code so not on boxes or ads and stuff, but even object code is already a problem)
It seems reasonable at first (Just one line saying 'thank you Yahoo') but it has the same problem as the BSD license had: You end up with an ever growing amount of lines of all kind of people wanting the world to know you used a pieco of their 'IP'.

Imagine a helloworld program like this:

~$hello
Hello world
This program was compiled using the GNU C compiler ,Copyright The Free software foundation, Richard Stallman, etc
This program uses header files written by Linus Torvalds.
This program was linked against the GNU C library
This program was written in the C language which contains IP from K&R.
This program uses SCO owned IP.


Would it be a great world if all software was like this?

Jeroen

Re:Is this going to help?

[Technician]

Can't spammers just get verified domains to send their mail from?


Certanly.. Sending mail from your owned machine is a good start. Your machine, your MTA, your key, but not your message...

Expect more agressive attempts to find unpatched machines to become mail bots on the net.

Re:Is this going to help?

[Anonymous Coward]

wouldn't having the sending servers wrap up the headers and md5sum them also work?

99% of the time it's a spoofed header and if the sending server checks the from and sees that it does not match, it borks it back as refused to the sender?

if we simply remove the ability to create the header from the sender and only the server can then they have to put up servers and get blocked that way.

Heres why it stops spam

[Jahz]

There seems to be alot of confusion amound /.ers about how SPF and DomainKeys fight spam. The primary accomplishment of these technologies is to make it difficult to scam e-mail recipiants. e.g. you cant pretent to be Bank of America anymore.

DomainKeys makes it harder to send general spam as well. It allows spammers to be tracked. It also allows easy blacklisting of known spam servers. ISP's will be more strict about letting spammers use their SMTP servers out of fear of being blacklisted.

Finally, while it is possible for a spammer to change SMTP servers frequently, this adds significant financial overhead. I believe DomainKeys has the ability to eliminate all of the small spammers, as well as almost all phishing scams.