--
Andreas Steinmetz wrote:
> > http://antispam.yahoo.com/domainkeys
> Sorry, but my point of view is that this system is utter bullshit.
I have to second this, but for other reasons.
> 1. There already exist solutions which require less processing power
> (think of high throughput MTAs) and are proven to work, e.g.
> SPF , see spf.pobox.com (Greg? <me ducks>)
At least they don't tell the fairy tale of spammers with limited
ressources, do they? These people have access to big clusters (AKA worm
infected systems).
> 2. What I really laugh at is the 'that the message was not tampered
> with' part. And who the f..k asserts that the message wasn't
> tampered with between sending MUA and MTA (evil grin)?
I think they'll tell you, that SMTP AUTH exists and the connection
between MUA and MTA is considered save. As far as I understood the
system, domainkeys only works between MTAs.
> 3. If you wan't to sign a message there's well known and better
> solutions like PGP/GnuPG that just don't fit a certain company's web
> mail service.
Adding the signature at the MUA would require the private key to be
available to the end system -- you remember those systems offering
remote access to spammers. Thus making the whole system vulnerable.
But the biggest point: like SPF, domainkeys makes using other relays
impossible. This is just what these big web mail companies want their
customers to do. If you don't buy SMTP access for $MONEY, you'll have to
use our web interface -- even for sending mail with that address. I
don't know, who's developing those "anti-spam" systems, technicians or
managers, but I tend to the last. ;)
Andre
--
Im a doctor, not a magician! -- Bones McCoy
--
Content-Description: Digital signature
[ signature.asc of type application/pgp-signature deleted ]
--
