Re: [Exim] Yahoo DomainKeys...

Top Page
Delete this message
Reply to this message
Author: Andre Grueneberg
Date:  
To: Andreas Steinmetz
CC: Dean Brooks, exim-users
Subject: Re: [Exim] Yahoo DomainKeys...
--
Andreas Steinmetz wrote:
> > http://antispam.yahoo.com/domainkeys
> Sorry, but my point of view is that this system is utter bullshit.


I have to second this, but for other reasons.

> 1. There already exist solutions which require less processing power
>    (think of high throughput MTAs) and are proven to work, e.g.
>    SPF , see spf.pobox.com (Greg? <me ducks>)


At least they don't tell the fairy tale of spammers with limited
ressources, do they? These people have access to big clusters (AKA worm
infected systems).

> 2. What I really laugh at is the 'that the message was not tampered
>    with' part. And who the f..k asserts that the message wasn't
>    tampered with between sending MUA and MTA (evil grin)?


I think they'll tell you, that SMTP AUTH exists and the connection
between MUA and MTA is considered save. As far as I understood the
system, domainkeys only works between MTAs.

> 3. If you wan't to sign a message there's well known and better
>    solutions like PGP/GnuPG that just don't fit a certain company's web
>    mail service.


Adding the signature at the MUA would require the private key to be
available to the end system -- you remember those systems offering
remote access to spammers. Thus making the whole system vulnerable.

But the biggest point: like SPF, domainkeys makes using other relays
impossible. This is just what these big web mail companies want their
customers to do. If you don't buy SMTP access for $MONEY, you'll have to
use our web interface -- even for sending mail with that address. I
don't know, who's developing those "anti-spam" systems, technicians or
managers, but I tend to the last. ;)

Andre
--
Im a doctor, not a magician! -- Bones McCoy
--
Content-Description: Digital signature

[ signature.asc of type application/pgp-signature deleted ]
--