Re: [Asrg] 6 - Yahoo Domain Keys

Matt Sergeant <msergeant@startechgroup.co.uk> Thu, 20 May 2004 00:07 UTC

From: Matt Sergeant <msergeant@startechgroup.co.uk>
To: John Levine <asrg@johnlevine.com>
cc: "asrg@ietf.org" <asrg@ietf.org>, "bzs@world.std.com" <bzs@world.std.com>
Subject: Re: [Asrg] 6 - Yahoo Domain Keys
In-Reply-To: <20040519230041.22249.qmail@xuxa.iecc.com>
Message-ID: <Pine.LNX.4.44.0405200047490.8862-100000@localhost.localdomain>
Date: Thu, 20 May 2004 00:50:38 +0100

On 19 May 2004, John Levine wrote:

> >Also, much spam from hijacked PCs seems to use the hijacked
> >PC's host, as in wasteofoxygen@dyn-83-155-31-99.ppp.tiscali.fr
> >
> >That sort of thing will get around these SPF/YDK approaches, right?
> 
> No, a valid DK signature tells you that the message really was signed
> by the domain in the From: line.  If there's a zombie'd PC at
> tiscali.fr, and it sends mail through Tiscali's mail servers using a
> tiscali.fr address, and the servers sign it (which, with half decent
> volume checks they wouldn't) it'll pass DK checks.
> 
> I agree that knowing that mail really came from woifnsdnskensk.com
> isn't very useful without a reputation system, but DK at least
> validates the actual mail that you see, not the envelope which you
> don't.

Unless the spec has changed since last time I read it, there's nothing in 
DK to say "mails from this domain are always signed with DomainKeys". 
Without that spammy just has to omit the DK header to get his mail 
through.

The problem as I see it is that DK is a whitelist system (where SPF is
really a blacklist system). It tells you that the mail is "valid"  
according to the signature. Mail without a DK header tells you nothing.

And so once spammers start publishing domainkeys we're pretty much back 
to square 1.

Matt.
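
The receiver-side consequence of the argument in this message, as an added example that is not part of the original post: a verdict function showing that unsigned mail is only actionable if the receiver has some "this domain always signs" signal, and that a valid signature still needs a reputation lookup. The `always_signs` set and `reputation` table are hypothetical inputs, the sample messages are constructed, the cryptographic result is passed in as `sig_ok` rather than computed, and the `d=` check is simplified to an exact match with the From: domain.

```python
from email import message_from_string
from email.utils import parseaddr

def dk_tags(value):
    """Parse a 'tag=value; tag=value' signature header into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())
    return tags

def assess(raw, sig_ok, always_signs=frozenset(), reputation=None):
    """Return a receiver verdict for one message.

    sig_ok       -- result of the signature check, supplied by the caller
    always_signs -- hypothetical set of domains known to sign all mail
    reputation   -- hypothetical domain -> rating table
    """
    reputation = reputation or {}
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1]
    from_domain = addr.rpartition("@")[2].lower()
    sig = msg.get("DomainKey-Signature")
    if sig is None:
        # Without an "always signs" signal, absence of a signature
        # carries no information about the message.
        return "reject" if from_domain in always_signs else "unknown"
    signer = dk_tags(sig).get("d", "").lower()
    if not sig_ok or signer != from_domain:
        return "fail"
    # A valid signature only proves which domain signed the message.
    return "pass/" + reputation.get(signer, "unrated")

def make(from_addr, sig=None):
    """Build a constructed sample message."""
    head = "From: %s\n" % from_addr
    if sig:
        head += "DomainKey-Signature: %s\n" % sig
    return head + "Subject: test\n\nbody\n"

REP = {"example.org": "good"}  # constructed reputation data
SIGNED_GOOD = make("alice@example.org", "a=rsa-sha1; d=example.org; s=k1; b=AAAA")
SIGNED_NEW = make("x@bulk.example", "a=rsa-sha1; d=bulk.example; s=k1; b=BBBB")
UNSIGNED = make("alice@example.org")
```
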

