Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specification for DomainKeys]
Matthew Elvey <matthew@elvey.com> Thu, 20 May 2004 05:30 UTC
Received: from optimus.ietf.org (www.iesg.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA14773 for <asrg-archive@odin.ietf.org>; Thu, 20 May 2004 01:30:27 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQg2S-0001c7-Nw for asrg-archive@odin.ietf.org; Thu, 20 May 2004 01:24:16 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i4K5OGwE006203 for asrg-archive@odin.ietf.org; Thu, 20 May 2004 01:24:16 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQg1c-0001JN-4w for asrg-web-archive@optimus.ietf.org; Thu, 20 May 2004 01:23:24 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA14487 for <asrg-web-archive@ietf.org>; Thu, 20 May 2004 01:23:22 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BQg1Z-00064j-8E for asrg-web-archive@ietf.org; Thu, 20 May 2004 01:23:21 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BQg0h-0005vh-00 for asrg-web-archive@ietf.org; Thu, 20 May 2004 01:22:28 -0400
Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1BQfzv-0005mu-00 for asrg-web-archive@ietf.org; Thu, 20 May 2004 01:21:39 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQfuU-0007tt-Ia; Thu, 20 May 2004 01:16:02 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQfmJ-0005U4-Qc for asrg@optimus.ietf.org; Thu, 20 May 2004 01:07:35 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA14018 for <asrg@ietf.org>; Thu, 20 May 2004 01:07:33 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BQfmG-0003iD-P4 for asrg@ietf.org; Thu, 20 May 2004 01:07:32 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BQflN-0003Y5-00 for asrg@ietf.org; Thu, 20 May 2004 01:06:38 -0400
Received: from out2.smtp.messagingengine.com ([66.111.4.26]) by ietf-mx with esmtp (Exim 4.12) id 1BQfkr-0003O5-00 for asrg@ietf.org; Thu, 20 May 2004 01:06:05 -0400
X-Sasl-enc: rfXZ7y82hK4JelmXwM8Kyw 1085029505
Received: from elvey.com (adsl-63-195-86-147.dsl.snfc21.pacbell.net [63.195.86.147]) by mail.messagingengine.com (Postfix) with ESMTP id 17A0BBAC159; Thu, 20 May 2004 01:05:03 -0400 (EDT)
Message-ID: <40AC314F.9030501@elvey.com>
From: Matthew Elvey <matthew@elvey.com>
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7b) Gecko/20040421
X-Accept-Language: en-us, en
MIME-Version: 1.0
Cc: ASRG <asrg@ietf.org>
Subject: Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specification for DomainKeys]
References: <40AAB82D.3090004@solidmatrix.com>
In-Reply-To: <40AAB82D.3090004@solidmatrix.com>
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to <http://www.habeas.com/report/>.
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
Date: Wed, 19 May 2004 21:17:19 -0700
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=-8.0 required=5.0 tests=HABEAS_SWE autolearn=no version=2.60
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Apropos Yahoo's DK I-D wannabe- http://antispam.yahoo.com/domainkeys/draft-delany-domainkeys-base-00.txt posted to this thread: It fails to meet IETF requirements for publication as an I-D, or for serious consideration by this group. This text is not allowed: "This document may not be modified, and derivative works of it may not be created. This document may only be posted in an Internet-Draft." I discussed DK with John Levine privately. My conclusions as a result of the conversation*: DK requires orders of magnitude more work to adopt, though not as much as SPF+SRS. DK is about as reliant on blacklists/reputation services as other proposals. Without them, CSV is not easier for a spammer to circumvent than DK or SPF. They all require that something be put in a DNS entry for a domain that costs approximately nothing to put there beyond the cost of the domain itself. DKs aren't signed by CAs, remember. Exploit: A spammer would have control of the DNS server for the responsible domain, and a BotNet spamming node would spam with a valid DK. The DK would be in the zombie worm that created the BotNet, or even communicated via IRC. So, I think DK is shown to be about as trivial to circumvent as the 40% solution / CSV+++. As has been said before, all the extant I-Ds, including this one, and C-ID can only work against spamers long term in conjunction with either A)RHSBLs or B)mandatory (but not necessarily monopoly/oligopoly) reputation services. *(Don't want to quote from private email without asking for an OK, so here's just what I said that stood.) _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] [Fwd: Yahoo! Mail Publishes Specification … Yakov Shafranovich
- [Asrg] 6 - Yahoo Domain Keys Chris
- Re: [Asrg] 6 - Yahoo Domain Keys Seth Breidbart
- Re: [Asrg] 6 - Yahoo Domain Keys Barry Shein
- Re: [Asrg] 6 - Yahoo Domain Keys John Levine
- Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specificat… John Levine
- [Asrg] Re: 6 - Yahoo Domain Keys Philip Miller
- Re: [Asrg] 6 - Yahoo Domain Keys Alan DeKok
- Re: [Asrg] 6 - Yahoo Domain Keys George Ou
- Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specificat… Mark Baugher
- Re: [Asrg] 6 - Yahoo Domain Keys Matt Sergeant
- Re: [Asrg] Re: 6 - Yahoo Domain Keys Barry Shein
- Re: [Asrg] 6 - Yahoo Domain Keys Barry Shein
- Re: [Asrg] 6 - Yahoo Domain Keys Barry Shein
- Re: [Asrg] 6 - Yahoo Domain Keys Seth Breidbart
- Re: [Asrg] Re: 6 - Yahoo Domain Keys der Mouse
- Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specificat… William Leibzon
- Re: [Asrg] 6 - Yahoo Domain Keys Barry Shein
- Re: [Asrg] Re: 6 - Yahoo Domain Keys William Leibzon
- Re: [Asrg] 6 - Yahoo Domain Keys George Ou
- Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specificat… Matthew Elvey
- RE: [Asrg] 6 - Yahoo Domain Keys Chris
- RE: [Asrg] [Fwd: Yahoo! Mail Publishes Specificat… Chris
- blacklisting throwaway domains, was Re: [Asrg] Re… Tony Finch
- Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specificat… John Capo
- Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specificat… Yakov Shafranovich
- Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specificat… Yakov Shafranovich
- Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specificat… Matthew Elvey
- Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specificat… Yakov Shafranovich
- RE: [Asrg] [Fwd: Yahoo! Mail Publishes Specificat… William Leibzon
- RE: [Asrg] [Fwd: Yahoo! Mail Publishes Specificat… Chris