Yahoo! Mail Now Using Domain Keys To Fight Spam 222
scubacuda points out this CNET story, writing "In addition to beefing up its storage (100MB -> 250MB), Yahoo! Mail has implemented Domain Keys to find spam. The idea is simple: give email providers a way to verify the domain and integrity of the messages sent. Sendmail, Inc. has released an open source implementation of the Yahoo! DomainKeys specification for testing on the Internet and is actively seeking participants and feedback for its Pilot Program. Yahoo! has submitted the DomainKeys framework as an Internet Draft, titled 'draft-delany-domainkeys-base-01.txt,' for publication with the IETF (Internet Engineering Task Force). The patent license agreement can be found here."
Patents and Standards .... (Score:4, Interesting)
Or even better a patent grant for code under "OSI approved" licenses
Seems to be a very nice Public key based system using standard RSA algorithm too . But I still want my ogg streams over DNS
Re:Licence (Score:5, Interesting)
(Although only in source & object code so not on boxes or ads and stuff, but even object code is already a problem)
It seems reasonable at first (Just one line saying 'thank you Yahoo') but it has the same problem as the BSD license had: You end up with an ever growing amount of lines of all kind of people wanting the world to know you used a pieco of their 'IP'.
Imagine a helloworld program like this:
~$hello
Hello world
This program was compiled using the GNU C compiler
This program uses header files written by Linus Torvalds.
This program was linked against the GNU C library
This program was written in the C language which contains IP from K&R.
This program uses SCO owned IP.
Would it be a great world if all software was like this?
Jeroen
Re:Is this going to help? (Score:5, Interesting)
Certanly.. Sending mail from your owned machine is a good start. Your machine, your MTA, your key, but not your message...
Expect more agressive attempts to find unpatched machines to become mail bots on the net.
Re:Is this going to help? (Score:1, Interesting)
99% of the time it's a spoofed header and if the sending server checks the from and sees that it does not match, it borks it back as refused to the sender?
if we simply remove the ability to create the header from the sender and only the server can then they have to put up servers and get blocked that way.
Heres why it stops spam (Score:2, Interesting)
DomainKeys makes it harder to send general spam as well. It allows spammers to be tracked. It also allows easy blacklisting of known spam servers. ISP's will be more strict about letting spammers use their SMTP servers out of fear of being blacklisted.
Finally, while it is possible for a spammer to change SMTP servers frequently, this adds significant financial overhead. I believe DomainKeys has the ability to eliminate all of the small spammers, as well as almost all phishing scams.