
Yahoo! Develops Anti-Spam Architecture

prostoalex writes "Yahoo!, the owner of one of the largest e-mail systems in the world, is said to be developing a cryptographic product that will be offered freely to mail servers. 'Domain Keys,' according to the Reuters article, would require the message sender to authenticate in order for the message to come across a trusted e-mail network. The idea has been around for ages, however, it required someone from the big league like Yahoo! to step in." While Yahoo! isn't the first name that comes to mind when I think of trusted email, it's still a step in the right direction.
  • by i_want_you_to_throw_ ( 559379 ) * on Saturday December 06, 2003 @09:25AM (#7647206) Journal
    But ultimately one has to worry about the lock that Yahoo! might have on servers once they get it installed all over the place.

    Could you imagine this becoming really popular and then Yahoo! getting bought by someone like oh say Microsoft? (or any other big commercial interest)
    • I can't see how they can "lock" anything since it is clearly stated that the initiative will be open sourced...

      Of course, Microsoft will probably figure out a way to break it so that it only works with their products but that's a different story...
      • by swb ( 14022 ) on Saturday December 06, 2003 @09:42AM (#7647300)
        It can be open sourced, but that doesn't mean anything about preventing lock-in.

        Presumably a 'domain key' is some cryptographic element that authenticates that your domain is who it claims to be. To me this sounds an awful lot like SSL where a third party issues the keys, or acts as a clearinghouse for self-issued keys.

        Either way, Yahoo could be the man in the middle acting as either issuer or clearinghouse. Think of it this way, OpenSSL is open sourced, but that doesn't keep the SSL issuers from having a lock on that market.
        • by RevMike ( 632002 ) <revMike@gmail. c o m> on Saturday December 06, 2003 @10:10AM (#7647430) Journal

          > It can be open sourced, but that doesn't mean anything about preventing lock-in.
          >
          > Presumably a 'domain key' is some cryptographic element that authenticates that your domain is who it claims to be. To me this sounds an awful lot like SSL where a third party issues the keys, or acts as a clearinghouse for self-issued keys.
          >
          > Either way, Yahoo could be the man in the middle acting as either issuer or clearinghouse. Think of it this way, OpenSSL is open sourced, but that doesn't keep the SSL issuers from having a lock on that market.

          I don't see how lock in will be an issue. Imagine the following scenario:

          1. Originating mail software sends a message, including some token in the header that is encrypted using the sending mail server's private key.
          2. Zero or more intermediate mail servers pass along the message.
          3. The destination mail server receives the message.
          4. The destination mail server looks up the domain of the message originator and requests that domain's public key.
          5. The destination mail server attempts to decrypt the token.
          6. If the token is successfully decrypted, the mail is delivered. The receiver knows the identity of the sending system with certainty. Email domains can't be spoofed.
          7. Otherwise the message is dropped.

          I can't see how this would necessitate a clearinghouse.

  • "Trusted email" and "Yahoo!" should not be mentioned in the same sentence, except perhaps to say that these two things should not be mentioned in the same sentence.
    • Re:Trusted email? (Score:5, Insightful)

      by hey ( 83763 ) on Saturday December 06, 2003 @09:58AM (#7647356) Journal
      I use Yahoo mail and it's very good.

      They have a pretty good spam catching service.
      It puts suspected spam in a "Bulk" folder. You can review this folder or just let it get purged after 30 days. Nice. You can also click on the "its not spam" / "this is spam" buttons to help them tune.

      They offer an SSL login and it was discussed recently on Slashdot that they use the Javascriptcrypto library to calculate MD5s on the client side and send the digest for security (maybe when you are not logging in with SSL).

      You can check your POP3/IMAP mailboxes. The resources come back color-coded.

      Good uptime. Always available.

      It's free. You get enough resources for reasonable use. But you can buy more if you want.

      All this sounds exactly like a crypto-nerd and slashdotter would design a mail service. And this new thing is going to be opensourced!
      • I use Yahoo! mail as well, and I like it much better than Hotmail. I was impressed with their spam-catching until recently. It seems that I've been getting more and more spam in my inbox ever since they set up their new anti-spam interface. Has anyone else noticed this?
      • Comment removed based on user account deletion
  • Oh come on! (Score:3, Interesting)

    by Space cowboy ( 13680 ) on Saturday December 06, 2003 @09:27AM (#7647222) Journal
    SpamCon's Barrett cautioned "It's a good approach for those that are willing to use it," he said. "Any kind of cryptographic solution is going to involve some computing overhead, and that's not cheap."

    Whereas the latter is completely true, I think the weakness of the argument is a testament to the idea being an excellent one. CPU horsepower is very very cheap. If Yahoo think they can do it, then who exactly will have a problem?

    Just as long as I can incorporate it into my server, I'll be a happy bunny - all the other proposals put forward so far seem to limit the mail providers to the big boys ...
    Simon.
    • This needs HYPE (Score:3, Interesting)

      by Jesrad ( 716567 )
      Seriously. This solution needs the cooperation of most. It is the exact solution I have been longing for, and to be successful when it is released it needs every significant domain to follow suit. Your ISP won't use Domain Keys? Rant to them till they do! They still won't? Set up your own MX and sign in to the certified network. Have your friends and relatives get aboard too.

      As soon as the certified network is considered a valid alternative to the current spam-ridden, scam-infested open email exchange s
  • Temporary (Score:3, Interesting)

    by dolo666 ( 195584 ) * on Saturday December 06, 2003 @09:27AM (#7647223) Journal
    But how am I going to get my special penis enlargement information now? And what about that family matter I am resolving with Mr. Mobotu?

    In all seriousness, I think this is a good idea. But, sadly, it's going to be cracked. Domain keys can be forged, and that will be the first thing that these spam servers will be focussing on right now. They'll set up a Yahoo acct and monitor traffic to see what the domain keys look like. They will then duplicate the acks and be back in business. It's only a matter of time.

    This is a good step, no doubt. It is just that we should be looking at ways of putting spammers out of business, too. Hit their wallets, not their tech. Tech can always be worked around, especially by dubious people.

    Instead of domain keys, I had a different idea that might work a lot better.

    What if nobody sent email over the Internet?

    Today we have the ability to use web forms to pass messages back and forth to other users on the same service. With that option, the server admin would be able to flag spammers and ban them. If you wanted to message another user of another server, you could type in their location as USERNAME@DOMAIN, and that would queue to be sent in batch to the other server after authentication.

    No outside contact. No spam. One message per customer. If you send more than a certain number of messages in a day, they are held as possible spam.

    Privacy goes out the window, but hey... it's not like there is any privacy in non-encrypted email anyway.
    • Not necessarily (Score:5, Interesting)

      by meldroc ( 21783 ) <meldroc@NoSpAM.frii.com> on Saturday December 06, 2003 @09:39AM (#7647285) Homepage Journal
      If they use decent encryption, cracking this scheme will be nearly impossible. If they use a digital signature algorithm such as DSA or MD5, or public key algorithms such as RSA, the computational power required to crack these keys will be far beyond the means of the richest spammers.

      Personally, I'd like to see two things.

      1. The software Yahoo! is developing should be open-source, so nobody can monopolize it. At the very minimum, the protocols involved should be well documented so open-sourcers can make their own implementations if they have to.

      2. Give this software a few months to propagate to a good chunk of the ISPs out there. Then, Yahoo! should announce that they will NOT accept any email that is not signed with this software. I'll guarantee that everyone will be using this new protocol in a matter of weeks, since no ISP wants customers screaming because they can't get mail through to Yahoo! accounts.

      • While some ISPs might quickly jump on the bandwagon to be able to accept mail from yahoo.com, most corporations will not. Even if Microsoft updates Exchange Server to support this, how many corporations are going to upgrade? It's a major deal to upgrade the email servers at a big company, and corporations that don't deal directly with consumers probably get an insignificant amount of mail from yahoo.com, so what's the business motivation? If it's so I can receive a personal email from a friend, my compan
        • Re:Not necessarily (Score:3, Insightful)

          by JohnFluxx ( 413620 )
          They add this module, and get a reduction in spam.

          Seems like a big business case to me - last I heard business didn't like spam. (.. except the spam business I suppose)
      • Re:Not necessarily (Score:2, Insightful)

        by zzxc ( 635106 )
        Not accepting it would be the wrong answer. It should be an option on an account to have a secure inbox with known-good mail, regular inbox that may have spam, and bulk which is mail known to come from spammers. This would be perfect to use as a spam assassin complete bypass. Regular mail could still come through, but would be subject to your filtering. This is definitely a Good Idea.
      • Re:Not necessarily (Score:3, Insightful)

        by bokmann ( 323771 )
        Your comments are close... for better adoption, although over a longer time span:

        1) Software needs to be based on open standards. RFC90210 or something like that... Others need to be able to make implementations.

        2) Yahoo's implementation should do ONE THING WELL. It shouldn't try to stick an advertisement on the bottom of my emails the way their groups tools do.

        3) Give the software a few months to propagate to a few major ISPs.

        4) On a given date, all email going through those servers that are not 'si
    • by Space cowboy ( 13680 ) on Saturday December 06, 2003 @09:40AM (#7647292) Journal
      The text of the article has to be wrong - they say the private key is delivered as a message header! Hmm, not very private...

      I'm assuming that what is sent out is an encrypted token for which the public key can be used to decrypt, so:

      • Alice wants to send an email to Bob.
      • Alice encrypts the MD5 checksum of the mail body content (or some other representative text, probably longer than 32 bytes!) using her private key, and embeds the resulting encoded string into a mail header
      • Bob receives the mail, and looks up Alice's public key to decrypt the token
      • Bob compares the decrypted token with the same representative text to see if they match.
      • Match => Read. No match => Put into 'Junk' folder


      So, the token to be encoded will change from mail to mail, thus making replay techniques pretty much impossible, I think. At least, that's the way I'd do it, and I'm pretty sure I've seen it presented before as well...

      On the other hand, I ain't a security expert, so there's probably a gaping hole in the above :-)

      Simon

      • > The text of the article has to be wrong - they say
        > the private key is delivered as a message header!
        > Hmm, not very private...

        That just means that the reporter is ignorant and careless. In other words, the usual kind.
      • Now, how's the public-key server going to survive DDoSing?

        Oh well, to think about it, it'll be "domain keys", so it won't be so hard to cache. I'm not sure how many domains with SMTP servers are running out there, but say a particular server receives most of its email from a thousand particular domains; when each has 1024 bit keys, it would only take
        1000 * 1024/8 = 128000 bytes = 125 KB
        to store the public keys of those domains (not counting overhead).

        The real problem would be trying to decode all
        • Forgot to say as well, they really should implement something like DNS to store those keys. Secure DNS, of course, otherwise the spammers could just easily poison them.
        • I was sort of assuming there'd be another record-type added to the DNS protocol, so look up MXS rather than MX for example...

          I'm still not really convinced about the CPU argument. Anyone to whom it would apply is almost certainly an ISP or large company, and they can just throw slave machines at it, even as basic as using round-robin DNS for mx.mycompany.com.

          That's assuming the receiving daemon does the check, of course (which would be best, I reckon). You could always devolve the processing to the mail c
  • OS? (Score:3, Interesting)

    by awx ( 169546 ) on Saturday December 06, 2003 @09:28AM (#7647225)
    Does anyone know what software Yahoo's mailservers run?
    • Re:OS? (Score:4, Informative)

      by swb ( 14022 ) on Saturday December 06, 2003 @09:35AM (#7647259)
      $ telnet mx1.mail.yahoo.com 25
      Trying 64.157.4.78...
      Connected to mx1.mail.yahoo.com.
      Escape character is '^]'.
      220 YSmtp mta108.mail.sc5.yahoo.com ESMTP service ready


      It looks like they run YSmtp, just like everyone else I know. In all seriousness, I'd imagine there isn't much of Yahoo's infrastructure that isn't highly optimized for Yahoo's own use. I think that Yahoo did a lot with FreeBSD at one time, but I'd presume whatever they have isn't just an out of the box app.
      • Re:OS? (Score:2, Informative)

        by VZ ( 143926 )
        They run, or at least used to run a few months ago, a (possibly patched) version of qmail:

        http://www.qmail.org/top.html

        and search for "Yahoo". I also know it from an independent source because I discovered a bug in qmail:

        http://www.washington.edu/imap/IMAP-FAQs/index.html#7.47

        while tracking a bug report concerning my MUA.
    • I wonder if their POP3 server runs FreeBSD like their web mail server [netcraft.com].
  • So now... (Score:3, Funny)

    by Snaller ( 147050 ) on Saturday December 06, 2003 @09:33AM (#7647253) Journal
    ...you'll only be spammed by Yahoo??
    • Re:So now... (Score:5, Insightful)

      by gbjbaanb ( 229885 ) on Saturday December 06, 2003 @09:46AM (#7647315)
      yes, but now you'll know for sure that the email came from Yahoo - and not some forged return-to that dumps on some ordinary Joe's server.

      step, by step, the spam problem can be solved. That doesn't mean that you should not take the first step simply because it doesn't provide a total cure.
      • A friend of mine registered a domain for his wife, and set up a little vhost on his Apache/Linux/ADSL box. He also added her an MX record so she could be anyone@herdomain.com. Anyway, all of a sudden he rings me - his box is going absolutely mad. I logged on and worked out that someone has fired off a huge mortgage spam, with her domain as the reply to address. His 512k link was just saturated with returns, out of office messages, mailbox full messages, and people angrily contacting him to ask why he was se
    • At least I know a company advertising with Yahoo is supporting something I care about. (a lot of mailing lists on groups.google.com...) So long as Yahoo doesn't get greedy. In radio they only sell so many commercials, because they know eventually listeners change stations and when listenership goes down advertising dollars go down. Maximizing profit is the goal, and they have figured out how to do that. (though personally I think they all have way too many commercials)

      When I get a spam for enlargeme

  • Open standards? (Score:5, Insightful)

    by satyap ( 670137 ) on Saturday December 06, 2003 @09:38AM (#7647282)
    As long as it's an open standard that eventually becomes RFC3821, I'll be okay with it. But if it's one of those proprietary "pay us to participate" schemes, they can go jump. Oh, and there should be no scope for someone to say "pay us or we won't accept email from you."
    • RTFA: "Yahoo said its 'Domain Keys' software, which it hopes to launch in 2004, will be made available freely to the developers of the Web's major open-source e-mail software and systems" ... "Yahoo's proposal should be attractive to other e-mail providers because it is free and comes with no special restrictions."
    • Re:Open standards? (Score:3, Interesting)

      by Afty0r ( 263037 )
      > there should be no scope for someone to say "pay us or we won't accept email from you."


      Why's that? If Yahoo doesn't accept email from anyone except the biggest 50 companies in the world who could afford to take part, you can place a bet that there won't be many people using their email service anymore.
    • And who are you to decide Yahoo can't make any money from this? If they create a piece of software and want to charge for it, that's their right. If they want to isolate their email service so that you have to license their software to be able to send mail to them, that's also their right. Nobody's being forced to use Yahoo mail, and nobody's being forced to send mail to their servers. Yeah, it might not be the smartest business move ever, and it would be nice to get the whole deal for free instead of p
  • but is that free as in freedom, or as in beer? will they be releasing specs so that possibly free-er alternatives can be made to interoperate with yahoo's product? will they block out 3rd parties?

    if they do not share the technology completely, this is a bad thing as yahoo will have some kind of power over all email servers. the article doesn't go into those kind of details... does anyone know any more, and like to share the knowledge?

  • Obviously they must mean something besides the traditional notion of "private key" when they say "a private key is sent in the header, and the public key is used to decrypt it".

    Is this a mistake, or is there some other terminology this is following?
    • > Obviously they must mean something besides the traditional notion of "private key" when they say "a private key is sent in the header, and the public key is used to decrypt it".

      They mean something is encrypted with the sender's private key, not that the key itself is sent.

    • For authentication you commonly encrypt some text (for example a checksum of the message) with your private key, and then anyone who has your public key can decrypt it and verify that you really did write that message (or at least whoever wrote it had your private key).
  • Yahoo is taking a standardization approach...the technology will be shared with open source and commercial developers, and the keys themselves will be put into the DNS system.

    I'll be interested to see the details of how they attempt to protect the system from key forgery.
  • by Anonymous Coward on Saturday December 06, 2003 @09:43AM (#7647307)
    If someone announced a cure for all cancers, this crowd would immediately dismiss it because it could possibly be bought by Microsoft. You pimply-faced pessimists remind me of Eeyore from Winnie the Pooh.

  • Broken already? (Score:5, Interesting)

    by CaptainSuperBoy ( 17170 ) on Saturday December 06, 2003 @09:44AM (#7647310) Homepage Journal
    • Re:Broken already? (Score:3, Informative)

      by Detritus ( 11846 )
      He seems to be confused about the difference between the "From:" line and the envelope. You can authenticate the sender's domain (HELO mailserv.bigisp.net) and let the user set the "From:" line to whatever they want.

      Maybe I don't understand the problem. I thought Yahoo's new scheme was designed to authenticate the mail server that originated a transaction with a Yahoo mail server, not to authenticate the domain in the "From:" line.

      • You seem to be a little confused yourself. There's a difference between the envelope FROM (the MAIL FROM parameter) and the HELO domain as well.
        • You're right. Is the following correct:

          1. HELO domain. Used in "Received:" headers.
          2. Envelope FROM. Used by MTA.
          3. "From:" header. Used by end-user's mail s/w.

      • Re:Broken already? (Score:3, Interesting)

        by uhoreg ( 583723 )

        > I thought Yahoo's new scheme was designed to authenticate the mail server that originated a transaction with a Yahoo mail server, not to authenticate the domain in the "From:" line.

        That is correct. Yahoo's scheme is to provide authentication for the Received: headers, not the From: header. Currently, the Received: headers frequently get forged, so it is hard to tell where spam is coming from. A real person can usually tell fairly easily, but you can't reliably tell a computer how to do it. It would be

    • Coming off a party last night and very hungry and cranky, but let me see if I understand the article you posted:

      Yahoo's software won't work because most mail servers won't be set up with it.

      That's basically what the author of that article says. He gives two examples of mail servers that won't be containing the required software: his own domain, and a forwarding service on another domain. So what? So use a server that's set up with that software, and it works. Anyone not using that software will still
    • Summary of his argument: You couldn't send mail as foo@mydomain.net through the mailservers operated by your ISP.

      That really doesn't need to be an issue. If you legitimately own mydomain.net, you need to generate a public key/private key pair for that domain. Then configure mydomain.net to offer that public key. When you send mail through any server with a "from" of mydomain.net, you need to also use the mydomain.net private key. Your mail client should be able to do this easy enough. The mail se

    • From a home system to his mail server, nothing gets encrypted. ISPs that block port 25 forward the requests through their system and to his mail server where it's actually sent out. HIS mail server encrypts the message. Receiving servers then check the message based on the HELO or whatever. It only traces it back to the mail server it allegedly came from. Not the person who sent the e-mail.

      Even if the ISP is for some reason taking over the whole job of sending the e-mail, it's very trivial to set up
  • by GillBates0 ( 664202 ) on Saturday December 06, 2003 @09:46AM (#7647313) Homepage Journal
    How do they propose to keep the encrypted private key secure? I did RTFA but couldn't find any explanation of how the encrypted version of the private key could not be spoofed since it is part of the message header.

    If the spammer...or anyone for that matter is spoofing a header anyway, it shouldn't be difficult to find out the encrypted private key, since it is sent out with every message originating from the domain.

    I could, presumably send an email from my secure email address to a non-existent email address of the domain whose encrypted private key I wish to find out: eg bounce@email.com. The bounced message should have it in the header.

    • by RevMike ( 632002 ) <revMike@gmail. c o m> on Saturday December 06, 2003 @10:33AM (#7647532) Journal

      > How do they propose to keep the encrypted private key secure? I did RTFA but couldn't find any explanation of how the encrypted version of the private key could not be spoofed since it is part of the message header.
      >
      > If the spammer...or anyone for that matter is spoofing a header anyway, it shouldn't be difficult to find out the encrypted private key, since it is sent out with every message originating from the domain.
      >
      > I could, presumably send an email from my secure email address to a non-existent email address of the domain whose encrypted private key I wish to find out: eg bounce@email.com. The bounced message should have it in the header.

      The authentication token would likely be some sort of hash of the message contents. In that way, a token is only valid for that particular message. The sender would generate a checksum of the message, encrypt it with a private key, then transmit the encrypted checksum as the token. The receiver would generate the same hash of the message contents, and decrypt the token with the public key. If the decrypted checksum equals the generated checksum, then one can be confident that the message came from the server it said it came from.

    • The private key _isn't_ in the header. That's just the reporter garbling things in the usual reporter fashion. What is in the header is a message (probably the md5sum of the message body) encrypted with the domain private key. When you receive a message you look up the originating domain in dns, retrieve the public key, and decrypt the message. If it matches the md5sum of the message body you accept the message.
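
The hash-then-sign check that RevMike and the reply above describe, as an added example that is not part of the original comments and is not Yahoo's Domain Keys code. It assumes SHA-256 in place of MD5, unpadded textbook RSA with constructed toy keys, a dictionary standing in for the DNS key lookup, and made-up domains; a real deployment would use a padded signature scheme.

```python
import hashlib


def make_toy_keypair(p, q, e=65537):
    """Textbook RSA key from two known primes (constructed, illustration only)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse, needs Python 3.8+
    return (n, e), (n, d)              # (public, private)


def body_digest(body):
    """Checksum of the message body as an integer (SHA-256 here, not MD5)."""
    return int.from_bytes(hashlib.sha256(body).digest(), "big")


def sign(private_key, body):
    """Sending server: 'encrypt' the body checksum with the domain private key."""
    n, d = private_key
    return format(pow(body_digest(body), d, n), "x")


def check(dns_keys, message):
    """Receiving server: fetch the claimed domain's public key and verify the token."""
    domain = message["from"].rsplit("@", 1)[-1].lower()
    public = dns_keys.get(domain)
    token = message.get("token")
    if public is None or not token:
        return "junk"                  # no published key, or unsigned mail
    n, e = public
    try:
        sig = int(token, 16)
    except ValueError:
        return "junk"                  # malformed token
    if not 0 < sig < n:
        return "junk"
    # 'Decrypt' the token with the public key and compare with our own checksum.
    return "deliver" if pow(sig, e, n) == body_digest(message["body"]) else "junk"


# Constructed keys: Mersenne primes keep the example deterministic and
# dependency-free. Keys of this form must never be used for real mail.
ORG_PUB, ORG_PRIV = make_toy_keypair(2**521 - 1, 2**607 - 1)
BULK_PUB, BULK_PRIV = make_toy_keypair(2**607 - 1, 2**1279 - 1)

# Stand-in for the DNS lookup proposed in the thread (hypothetical domains).
DNS_KEYS = {"example.org": ORG_PUB, "bulk-sender.example": BULK_PUB}


def scenarios():
    """Run constructed messages through the receiver and return each verdict."""
    body = b"Lunch on Friday?\r\n"
    other = b"Cheap mortgages, click here\r\n"
    token = sign(ORG_PRIV, body)
    cases = {
        # Signed by example.org's own server.
        "genuine": {"from": "alice@example.org", "body": body, "token": token},
        # Token lifted from a bounce and attached to a different body.
        "token_on_new_body": {"from": "alice@example.org", "body": other, "token": token},
        # Different body signed with a key that is not example.org's.
        "wrong_key": {"from": "alice@example.org", "body": other,
                      "token": sign(BULK_PRIV, other)},
        # No token header at all.
        "unsigned": {"from": "alice@example.org", "body": body},
        # Domain that publishes no key.
        "no_key_in_dns": {"from": "bob@unknown.example", "body": body, "token": token},
        # Byte-for-byte copy of the genuine message: the token still matches.
        "identical_copy": {"from": "alice@example.org", "body": body, "token": token},
        # A bulk sender signing for its own domain is authenticated as itself.
        "bulk_sender_own_domain": {"from": "promo@bulk-sender.example", "body": other,
                                   "token": sign(BULK_PRIV, other)},
    }
    return {name: check(DNS_KEYS, msg) for name, msg in cases.items()}


if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:24s} {verdict}")
```

The last two cases show what the check establishes: which domain signed the message, not whether the message is wanted or new.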
  • by rah1420 ( 234198 ) <rah1420@gmail.com> on Saturday December 06, 2003 @09:46AM (#7647316)
    The first time that I heard about a teergrube [iks-jena.de] to use as a way to block -- or at least make it damned difficult for -- spammers I was intrigued at its simplicity. And tho' I find references to it all over the 'net, I don't think that it has been mainstreamed yet, and frankly I don't know why. Have spammers developed a counter to a teergrube? Or do mail admins simply not know enough about them?
    • It's like the TARPIT target in IPtables - just keeps tcp connections open for ever. It slows down a TCP portscan pretty much. :)
  • One solution (Score:5, Insightful)

    by FonkiE ( 28352 ) on Saturday December 06, 2003 @09:53AM (#7647338)
    when you think about it, BUT this should come from IETF or some other body not from a company. A few important points:

    1) Who will issue the keys?

    2) Is anonymous mail possible if the receiver allows it?

    Furthermore spamming is a social problem emerging from our commercial world and technical solutions can never be 100%. What if:

    a) I send spam from a "secure" domain?

    b) forge certificates?

    c) the certificates are too expensive? (like SSL, I think it should be included with a domain)

    I like the "Bayes" spam filters best. You get 99.5% spam protection and keep anonymous mail.

    We all see the need for authenticated senders (biz communication, etc.), but we should be careful ...
    • Re:One solution (Score:2, Informative)

      by hattig ( 47930 )
      1) The domain owner/administrator (or their mail server administrator) I imagine. I expect that some tools will be available to generate the keypair. The public half will be configured on the DNS (would this require a new revision of BIND to handle a "DK" type or will a TXT field be abused for this?) and the private half will be installed into the mail server.

      When a mail from that domain goes via the mail server, the mail server will calculate the hash of the message and encrypt with the private key and ad
    • Re:One solution (Score:4, Insightful)

      by the uNF cola ( 657200 ) on Saturday December 06, 2003 @10:38AM (#7647571)
      > ... this should come from IETF or some other body not from a company.


      We should expect something like this to come from the IETF, but big corps do good things all the time. What makes you uncomfortable about it? The privacy issue? If it's on the net and you want privacy, encrypt the content. But if you want to hit my network w/ SMTP, much less an ICMP package, I want to at least know who you are.

      Are you worrying who will govern the entire thing? Who do you trust? Some .org run by someone? Some corp? The gov't? All-in-all, you have to trust SOMEONE.
  • romancing the stone (Score:3, Interesting)

    by segment ( 695309 ) <sil AT politrix DOT org> on Saturday December 06, 2003 @09:54AM (#7647346) Homepage Journal
    AOL has recently started banning SMTP servers who don't have reverse addresses, as seen on the NANOG lists. Personally there are so many methods to eliminate spam that an administrator can take I don't see what the issue is.


    Me personally, if spam makes it through my filter, I ban off the offending address working my way up towards the class c - b - a. All attempts at a port 25 connection are dropped point blank; http, https, et al. are kept open. I also have dontspam#somefreemailaccount.com's to use for form shit. Once in a while when registering for say an upper-crust website account, I'll use something like msndoesntspam@mydomain.com to see who exactly is sharing my addresses, then null the account if I see anything odd coming in to that account, and never trust the site again. Procmail works the most wonders though.

  • by pe1chl ( 90186 ) on Saturday December 06, 2003 @09:58AM (#7647364)
    First let them implement some user account verification, so that a RCPT TO: results in a 550 reply when that user does not exist.
    This enables SMTP callbacks to stop spam being spoofed "from yahoo", just like everyone else does.
  • good to hear (Score:2, Interesting)

    by Down8 ( 223459 )
    I've used my Y! acct as my main (personal) e-mail acct since sometime in late 1998/early 1999, so I'm very glad to hear about this. Hopefully it will help combat the 100-200 SPAM msgs I get per day. The Bulk Mail folder was a step in the right direction, as it does catch the majority of the crap, and allows me to delete it with a single click.

    Thanks! Again! Yahoo!</elRegStyle>

    -bZj
  • So where's the info? (Score:4, Interesting)

    by TrebleJunkie ( 208060 ) <ezahurak@NoSpAM.atlanticbb.net> on Saturday December 06, 2003 @10:01AM (#7647375) Homepage Journal
    Okay, so they're developing a system that they'll release to open-source developers.... why not DEVELOP it in the open in the first place?

  • by Frisky070802 ( 591229 ) * on Saturday December 06, 2003 @10:04AM (#7647402) Journal
    As I understand it, the proposal requires public-key encryption for every email sent, done by the sender at the time of sending. (If the "private key" -- something encrypted with the private key -- could be computed once and reused in every message, it could be copied and replayed by a forger.) This can dramatically raise the overhead associated with sending mail. Perhaps that overhead is reasonable, perhaps not.

    Bala Krishnamurthy at AT&T Labs has given a number of talks recently, including to the IETF, on a spam disincentive program he calls SHRED [att.com]. My understanding is that it uses offline cryptographic computation to amortize this overhead and distribute it to parties willing and able to devote the computational resources.

    In any case, the tag line for this article had it right, standardizing this will be hard and heavy-hitters like Yahoo will need to take the lead. But a key problem is getting the new system to interoperate with the old.

    • I think I've come up with a better idea. See my proposal [healconsulting.com]. (The basic idea is this: MTAs implement anti-spam filters. Spam generates a 'spam alert', sent to 'abuse' at the site attempting to send/forward spam. The spam alert message then retraces its route as defined in its headers.)

      The advantages are

      1. Zero overhead for non-spam messages (as compared to what we have now)
      2. Disincentive to forward spam, as well as to create it
      3. Works within existing RFCs for SMTP, and retains the spirit of the Free Int
      • O'course, there have to be flaws with it, but no one has pointed them out to me yet.

        I'm glad you're humble about it -- let me be the first to try :)

        I think the idea of propagating abuse notifications is great, in theory. I'm wondering how it works in practice. There's nothing that says a sending host has to route mail via various intermediaries -- the spammer can simply inject a message via a willing ISP that aids and abets the spammers. You send a notification to that ISP, and it drops it on the floo

        • There's nothing that says a sending host has to route mail via various intermediaries...willing ISP ... drops

          That's right, and we don't care. The alert goes back as close to the originator as it can. They still have to process the message to find out it's an alert. For spammers sending lots of messages, that generates lots of alerts for everyone nearby, and stops the flow at the first non-spam server.

          The key is viewing spam as an error condition, and trying to notify the source of the error.

          One thing

          • For spammers sending lots of messages, that generates lots of alerts for everyone nearby, and stops the flow at the first non-spam server.

            If server spammer.com sends mail to user@yahoo.com that is spam, it can potentially go straight from spammer to yahoo, as far as the mail headers go. Sure, lots of routers see the mail at the IP level, but that's not known to yahoo when it gets the mail. All it does is send a complaint to spammer, which drops it on the floor.

            So in this case, yahoo is the first non-

    • The right question is not whether cycles are that cheap, but rather will you gain more cycles from spam reduction than you will expend in checksum calculation? Given the rising tide of spam, you don't need to reduce it much in order to make mail-signing a worthwhile proposition.

      As to interoperability: during the adoption period, one would have to accept both signed and unsigned mail, but as soon as it becomes obvious that mail-signing is a way to get legitimate mail past ever-stricter automatic mail filte
  • by Johnny Mnemonic ( 176043 ) <mdinsmore@@@gmail...com> on Saturday December 06, 2003 @10:07AM (#7647415) Homepage Journal

    From the article: Yahoo said its "Domain Keys" software, which it hopes to launch in 2004, will be made available freely to the developers of the Web's major open-source e-mail software and systems.

    But later: Garlinghouse also argued that Yahoo's proposal should be attractive to other e-mail providers because it is free and comes with no special restrictions. Is the GPL considered a "special restriction"? Will it not actually be GPL, just available to open systems?

    I'm guessing that you'll need to be a GPL mail server to both require the private key for receipt, and to be able to use the system to give the email the private key for sending. So, what will this do to non-open mail systems?
    • You could presumably send to a non-open system, as they will simply ignore the key if present, but will still accept email if absent.
    • Open systems that require the key to receive will presumably refuse email without the key (otherwise what's the point), which means that a mail system that's open that uses this methodology might gain the perception of "being broken" from the end user's point of view. Of course, the admin setting up such a system would be well aware that some email will be refused, and will be prepared to handle refusals, either with a "bounce message", a phase-in period that just gives a warning, etc.
    • Senders that use a non-open system that can't use this technology will find an increasing amount of their email being refused; at first they'll blame the recipient, but as this gets more widespread, they'll blame their own sending service. Is that the sound of IIS's mail server being obsoleted?
    • The end result will be that users of open systems will receive less spam, whereas users of closed systems will find themselves still receiving spam, and increasingly unable to send to others.

    Is Yahoo trying to break Microsoft's mail service? Will this work? What's MSFT's option--reverse this and include it in their system anyways? Switch to an open system for a mail server, like, say, something based on a BSD license? Or ignore it, in an attempt to deprive it of critical mass?

    Indeed, this might all be moot; Yahoo might make it free and available to everyone, either on a free system or a non-free system; the article isn't clear as it says both. It could also be that MSFT already uses an OSS mailserver in IIS for all I know about MSFT product. But I suspect this is a power-grab, like everything else these days. And, I have to say, if it is I wish Yahoo the best of luck--this would be another demonstration of the power of OSS; it allows the community to change together on a dime and play well together. Whereas makers of proprietary systems each have to modify their own systems with their own coders.
  • It's always hard to know what an entity is really proposing when all you have to go on is a news story written by someone who is not technically competent. Even if one ignores the obvious technical errors in the Reuters story and replaces them with what the reporter probably meant (rather than what he did say) there seems to be one big problem with this proposal that either Yahoo! hasn't addressed, or, if they have addressed it, the reporter decided not to mention what they are doing about it.

    Consider t

    • Consider the common scenario in which a user marks his outbound mail as coming from domain X -- but X is only a forwarding service for inbound e-mail, like, say pobox.com or arrl.net. The outbound e-mail gets sent out through some other ISP. From the description in the article, it appears that somehow someone with the private key for domain X is somehow supposed to add something to the outbound e-mail; but that e-mail never goes anywhere near domain X.

      The obvious extension of this idea is if you have th

  • by esj at harvee ( 7456 ) on Saturday December 06, 2003 @10:26AM (#7647496) Homepage
    A thing to remember is that if someone can prevent a spammer from communicating based on identity (or lack thereof), you can be silenced as well.

    This is why I have put my efforts into sender-pay systems and specifically the camram project. We invite you to please come and join us in the effort to build a decentralized, user-friendly, freedom-of-speech supporting antispam system and hit spammers in the pocketbook.

    camram antique documentation [camram.org] (too busy writing code to write new documentation)
  • by poofmeisterp ( 650750 ) on Saturday December 06, 2003 @10:56AM (#7647677) Journal
    If they're offering it for free, BEWARE. IT'S A TRICK. There's some hidden patent they're going to decide to enforce once the entire world adopts the architecture.
    *waves hands ominously*
  • by kerubi ( 144146 ) * on Saturday December 06, 2003 @11:13AM (#7647749)
    Would you rather choose a Yahoo product over an open standard that is under development? I'm speaking of AMTP [ietf.org], of course. (See AMTP author's site). [bw.org]

    Yahoo's size doesn't give that much weight to their proposal. Yahoo's email is not used in business to business communication (do not count hot dog stands as businesses), so businesses can just as well block everything that originates from *@yahoo.com if it is not directed to their consumer service department.

    Also, reverse mx [mikerubel.org] records provide much of the same benefits with minimal alterations needed to current email infrastructure. One DNS record added and small change in MTA software.

    If Yahoo would really like to do a service to the internet community, they should rather consider looking at AMTP and reverse mx records.
  • by RealProgrammer ( 723725 ) on Saturday December 06, 2003 @11:16AM (#7647760) Homepage Journal

    Under Yahoo's new architecture, a system sending an e-mail message would embed a secure, private key in a message header. The receiving system would check the Internet's Domain Name System for the public key registered to the sending domain.

    If the public key is able to decrypt the private key embedded in the message, then the e-mail is considered authentic and can be delivered. If not, then the message is assumed not to be an authentic one from the sender and is blocked.

    For every message, I have to check and unpack the header, go out to some PK server, and validate the keys, before I decide to accept/reject? That introduces a big latency into SMTP.

    Also, this doesn't do anything to stop 'legitimate email marketers'. There's a death penalty (blacklist) for a site or particular sender's key, but nothing to stop a spammer from changing keys and starting over.

    Or will everyone have to get their own key pair? Who's going to validate them, and at what cost per key pair?

    This won't do a thing to stop spam, and imposes too big a burden on the infrastructure and on the 99% of us who don't spam.

  • Not for me (Score:3, Insightful)

    by bigberk ( 547360 ) <bigberk@users.pc9.org> on Saturday December 06, 2003 @11:31AM (#7647833)
    Require the message sender to authenticate in order for message to come across a trusted e-mail network

    Read: trusted network == commercial network

    Why do you think this is in the "Money & Investing" department (see the linked article). No, this isn't for me. Businesses may well choose to use something like this for their communications, but they will not have the pleasure of communicating with me. While SMTP has its flaws, it still allows any IP host to send mail to any other IP host and that is a good thing.

    To gain insight into what's going to happen with email and Internet communications in general over the next couple of years, you have to adopt a business mindset to see it from their eyes. There is a big problem (spam) hence a potential to make money. Various companies are going to try and cash in on this situation by offering a solution that might very well decrease spam -- some sort of commercially controlled communication network -- but this is definitely not in the best interest of the Internet. Of course, it's in the best interest of the company that's peddling the solution (duh!)

    The Internet isn't Compuserve, or AOL. It's a network of IP hosts, and those are the entities which should have a facility for sending communications back and forth. There is no need for a central carrier for communications

  • The proposal is very simple and most of the posts are just plain wrong about what it means.

    All mail servers will have a public/private key of some type. The public key will be stored in the DNS system as extra data.

    When an SMTP server connects to another SMTP server, the sending server will encrypt something (likely a checksum) with the private key for the domain the mail is from (likely the envelope from, not the From: header) and place it in a header.

    The receiving server will then grab the public key f
    • The proposal is very simple and most of the posts are just plain wrong about what it means.

      I get it, because it sounds like an idea I've been bouncing around for a while (e.g. See previous [slashdot.org] comments [slashdot.org] of mine)

      The mail server could add a header saying if the domain was verified and spamassassin could then adjust the spam rating of the message appropriately. Eventually servers would be configured to refuse mail from unverified domains.

      Exactly, and the main advantage of this is the network effect - if yah

  • My ISP was a while back taken over by Yahoo, so my email now resides on 'website.yahoo.com'. And for that I pay them a decent 15 bucks a month. However, for my money I enjoy the pleasure :-) to receive 10 times more SPAM than regular email. Including multiple 141 kB "Microsoft Security Update" viruses per day.

    When I asked Yahoo why they didn't do any SPAM filtering and did not even delete those very well known viruses, their reply was that I should upgrade to one of their small business offerings, which prov
  • It's good to see something like this coming from Yahoo. Yahoo is a reasonably neutral participant on the Internet -- they don't own an ISP (like AOL or Microsoft), or an operating system (like Microsoft), or their own mail client software (like, oh, say, Microsoft) -- so they won't feel inclined to lock particular parts of the world out.

    It's in Yahoo's best interest for this to become an open standard. And I'd much rather see an open standard than something like Palladium become a de-facto standard that
  • by Offwhite98 ( 101400 ) on Saturday December 06, 2003 @12:54PM (#7648424) Homepage
    The way the IETF and other standards bodies have worked is that some organization would try out a new concept for a technology and once they feel the concept is working, they will create a Request For Comments (RFC) which allows others to implement and offer feedback. Over time the RFC gains support and ultimately becomes a recommendation.

    This process was used to create the internet today, including all of the network protocols and services that run on top of it. Even SMTP was an RFC first.
  • by McDutchie ( 151611 ) on Saturday December 06, 2003 @01:26PM (#7648648) Homepage
    1. This is the classic confusion of authentication with security. Authentication does not protect against spammers. The spammers will simply authenticate and keep right on spamming, and now they won't have to do tricks to circumvent the filters because the cert makes them "trusted". (One other example of this is the illusion of security caused by cryptographic authentication on the web. That hasn't stopped spyware sleazebags such as Gator/Claria; they just get their own certs.)
    2. Yahoo is an unrepentant spammer [google.com] and spam support service [google.com] itself. They reset your marketing preferences [slashdot.org] at their whim. Abuse reports routinely go to /dev/null. Any "anti-spam" solution coming from a spammer and spam supporter is necessarily a scam.
  • by Animats ( 122034 ) on Saturday December 06, 2003 @01:43PM (#7648773) Homepage
    This looks like a variation on the scheme to use DNS to distribute public keys for encrypted mail. It could even use the same key.

    The basic idea, as I understand it, is that the DNS for a domain holds a public key, and mail sent with a "from" address in that domain must be signed with that public key. That's an old idea, and not all that bad. You create your own public/private key pair; you don't have to buy a "certificate" from somebody. (I think.) If you control a domain's DNS info, you can send mail from anywhere with that domain listed as the sender, as long as you know the private key.

    For the free-mail services, it's fine. All their mail is authored via web applications and sent from their own servers. Only the service has the private key. Only the outgoing SMTP servers need to know the private key. That's the Yahoo Mail case.

    If you own a domain, you should have full control over your own public and private keys. But adding additional info to a DNS record is not well supported by most hosting services. If you're not running DNS yourself, you may have problems setting your public key. Hosting services have to support this.

    Signing can occur either in the original user agent (the SMTP sender) or in a mail forwarder. It's easier to implement this in mail forwarders, but if you want to send using a return address other than the one of the mail forwarder you're using, your user agent has to know how to sign mail.

    If you're downstream from an ISP and don't control a domain, the ISP owns the key for the domain and can control what they sign. That has implications. They might force you to use web mail, for example. Or run their client software on your machine.

    Spammers can still register domains, run their own DNS, sign their mail, and spam. It doesn't really stop spam.

    Your public key is now valuable, and a target for spyware and viruses. Expect to see viruses that steal public keys from (inevitably) Outlook and send them to spammers. Or just send spam from the attacked machine.

    What this really does is provide a clear way to identify joe-jobs using addresses from major mail services like Yahoo Mail. That helps Yahoo more than anybody else.
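
Added example (not part of the thread and not Yahoo's software): a Python sketch of the DNS-published-key check that several comments above describe, showing that it rejects a replayed signature and a forged sender domain but still passes mail a bulk sender signs for a domain it controls. The header name, the `.example` domains, the use of the From: address as the signed identity and the demo keys built from Mersenne primes are all assumptions, and textbook RSA without padding stands in for a real signature scheme.

```python
import hashlib

SIG_HEADER = "X-Demo-Domain-Signature"  # hypothetical header name, not from the proposal

def make_key(p_exp, q_exp, e=65537):
    """Constructed demo RSA key from two Mersenne primes (trivially factorable)."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(from_addr, body):
    """Hash sender address and body together so a signature is bound to one message."""
    data = from_addr.encode() + b"\n" + body.encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(msg, key):
    """Sending server: textbook RSA over the digest (no padding, demo only)."""
    sig = pow(digest(msg["From"], msg["Body"]), key["d"], key["n"])
    return {**msg, SIG_HEADER: format(sig, "x")}

def verify(msg, dns):
    """Receiving server: look up the key for the From: domain and check the header."""
    domain = msg["From"].rpartition("@")[2]
    pub = dns.get(domain)
    if pub is None or SIG_HEADER not in msg:
        return "unsigned"          # policy decision: legacy mail during adoption
    try:
        sig = int(msg[SIG_HEADER], 16)
    except ValueError:
        return "fail"
    ok = pow(sig, pub["e"], pub["n"]) == digest(msg["From"], msg["Body"])
    return "pass" if ok else "fail"

def run_cases():
    service = make_key(521, 607)    # held only by mail.example's outbound servers
    bulk = make_key(1279, 2203)     # generated by a bulk sender for its own domain
    # Simulated DNS: only the public halves are published.
    dns = {d: {"n": k["n"], "e": k["e"]}
           for d, k in (("mail.example", service), ("bulk.example", bulk))}
    legit = sign({"From": "alice@mail.example", "Body": "Lunch at noon?"}, service)
    # Replay: a genuine signature header copied onto different content.
    replay = {**legit, "Body": "Limited time offer"}
    # Joe-job: forged mail.example sender, signed with a key that is not in its DNS.
    joejob = sign({"From": "alice@mail.example", "Body": "Limited time offer"}, bulk)
    # Bulk sender signing honestly for the domain it registered.
    own = sign({"From": "promo@bulk.example", "Body": "Limited time offer"}, bulk)
    plain = {"From": "bob@legacy.example", "Body": "hello"}
    cases = (("legit", legit), ("replay", replay), ("joejob", joejob),
             ("own_domain", own), ("no_key", plain))
    return {name: verify(m, dns) for name, m in cases}

if __name__ == "__main__":
    for name, result in run_cases().items():
        print(f"{name:11s} {result}")
```

The `own_domain` result is the point several posters make: a passing check identifies the sending domain, so it only reduces spam when combined with per-domain reputation or blocklisting.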
