Re: [Exim] Yahoo DomainKeys...

Página Inicial
Delete this message
Reply to this message
Autor: Nathan Ollerenshaw
Data:  
Para: exim-users
Assunto: Re: [Exim] Yahoo DomainKeys...
Hi Andreas,

On 5/19/04 9:49 AM, "Andreas Steinmetz" <ast@???> wrote:

>>    http://antispam.yahoo.com/domainkeys

>>
>
> Sorry, but my point of view is that this system is utter bullshit


Heh :)

> 1. There already exist solutions which require less processing power
>     (think of high throughput MTAs) and are proven to work, e.g.
>     SPF , see spf.pobox.com (Greg? <me ducks>)


I always though SPF was a great solution due to its simplicity. Nobody wants
to implement anything that is overly complex, SPF fits right in with our
current infrastructure and requires little additional resources (one extra
DNS lookup per mail?)

> 2. What I really laugh at is the 'that the message was not tampered
>     with' part. And who the f..k asserts that the message wasn't
>     tampered with between sending MUA and MTA (evil grin)?

>
> 3. If you wan't to sign a message there's well known and better
>     solutions like PGP/GnuPG that just don't fit a certain company's web
>     mail service.


Well, personally I think that signing messages on the server side could be
valuable for some people (companies) that don't want to have to roll
out/maintain client side certificates etc. In a large organisation with non
tech-savvy people, it can be a real pain, and means most companies don't
bother.

That said, the only thing I can see domainkeys doing more than SPF is to
increase the CPU load on the MTAs involved ;) Signing messages isn't a
requirement for stopping spam, verifying the sending MTA is - and that's a
problem that has been solved by SPF.

> I'm not going to discuss this further. It is OT anyway.


Probably, but it is relevant for the vast majority of people who administer
mailservers, and it probably helps to have short discussion so that people
new to the field can at least see some differing views.

Regards,

Nathan.

--
Nathan Ollerenshaw - Unix Systems Engineer
ValueCommerce - http://www.valuecommerce.ne.jp/