spf-discuss
[Top] [All Lists]

Re: provocative article at BusinessWeek about Yahoo DomainKeys, etc

2004-01-14 21:47:50
In <20040115033927(_dot_)GV6875(_at_)dumbo(_dot_)pobox(_dot_)com> Meng Weng 
Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:

This article makes it sound like Yahoo is pushing pretty hard with
domain keys.

  
http://www.businessweek.com/technology/content/jan2004/tc20040113_3442_tc047.htm

If the world decides to adopt Domain Keys, there are pros and cons.  The
biggest pro is that we could then abandon SRS with a sigh of relief.

Does anyone really understand what Domain Keys is supposed to do?  Are
there any specs available for it?

Does it sign the email body?  Or the headers?  Or both?

If it signs headers, it would have to skip the received headers for
sure, but would it have to skip others too?

If it signs just the body, what is to stop replay attacks?

Will everyone Yahoo! user have their email signed?  If so, what is
going to stop a spammer from sending a copy of the spam through Yahoo
once, pick up the signed result, and then spam away?


Or, will Domain Keys only be used on Officially Sanctioned Yahoo UBE?


The best that I can tell, Domain Keys is vague vaporware with a lot of
important questions left unanswered...


-wayne

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡