Re: Opening Debate on SPF vs. SenderKeys
2004-08-20 13:10:08
On Fri, 20 Aug 2004 12:07:54 -0700,
<Matthew(_dot_)van(_dot_)Eerde(_at_)hbinc(_dot_)com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
AccuSpam wrote:
I was hoping others here would go directly into substantively
comparing which scenarios SPF and SenderKeys are more viable
than each other.
require MUA upgrades. Consider this message, signed with PGP using
Windows Privacy Tools, all open-source despite that I'm using Outlook
2000.
... with SenderKeys, the ISP or personal domain user,
simply responds to a enticement e-mail
Enticement email = spam, sorry.
I get a different read on this algorithm; perhaps if I re-summarize it:
SenderKeys is like PGP in that messages are signed using public-key
encryption.
Additionally, if a message is not signed, the receiver can generate a free
private key using his authority server for the sender address and mail it
back to the user in the "enticement" email. Its not mentioned, but
presumably if he doesn't trust your authority server he could ignore the
signature and send you an additional key (the SenderKeys docs mention that
multiple signatures may be included with the message).
If your MUA has already been upgraded, it should intercept this message
and start using that private key to send emails automatically. Otherwise,
there will be a link in there telling you how to upgrade your MUA.
Thus the problem is completely localized to the MUA, satisfying his
apparent goal - to avoid changes on the server.
I imagine there would be a market among advanced computer users (someone
who would install Windows Privacy Tools, maybe) who are using the email
address and mail servers provided their ISP (e.g. joe(_at_)aol(_dot_)com) and are
therefore unable to implement filtering etc. on the server-side.
The implementation would have to be careful, however, not to repetitively
send enticement mails to people who don't install SenderKeys, because
SenderKeys will not be accessible to everyone.
The SenderKeys overview mentions that you could configure it to only send
the enticement if the user is blacklisted (as opposed to
non-whitelisted). I suppose this means that if you start receiving spam
from a particular address you blacklist it manually; if it is a real user
they will be forced to install SenderKeys in order to communicate (or is
there a challenge-response backup?). In the blacklist case, the
'enticement emails' would be delivered as bounces I suppose.
My suspicion is that this would become the most common use. I used to use
tmda and I have disabled its challenge-response mechanism because it is
too confusing for novice users and blocks receipts, mailing list
confirmations, and order confirmations from online services. In this
mode, however, SenderKeys is not an anti-spam solution for the receiver,
it just prevents impersonation when sending mail to other SenderKeys users
and allows SenderKeys users to bypass the blacklists of other SenderKeys
users. Spammers can continue to bypass the system the same way they've
been bypassing blacklists all along.
Compared to tmda:
- tmda only requires intallation on the receivers' side
- tmda does not require senders to upgrade their MUA
- SenderKeys allows an address to be whitelisted only if its messages are
cryptographically signed
- whereas in tmda you can tell them to use a sender-specific address to
email you
Note: If you are willing to upgrade the senders' MUA, then of course you
could automate the process of acquiring a tmda sender-specific email
recipient address; this would be functionally equivalent to SenderKeys
except the message body would not be protected from tampering.
I don't aticipate that spammers will tamper - oh the horror! I can just
see a letter from my mother suffixed with a bunch of random words and a
link to some maternal rape site.
Compared to SPF:
- with SPF, *(_at_)domain are taken care of, SenderKeys does individual sender
addresses
- with SPF, central administration is dealt with using DNS; SenderKeys
include an authority URL with each key, and any user may have a keypair on
any authority
- SenderKeys can be installed without adminstrating a server (except the
authority server, perhaps)
- SenderKeys uses cryptographic signatures to identify the sender, SPF
uses the IP address of the delivering server
- SPF spreads by accompanying the old mantra "close open relays!" with a
new mantra "close open domains!", SenderKeys spreads from person to person
as the enticement bounces are read by non-users (these messages are
automatically handled and removed by the SenderKeys software).
I would give SenderKeys an overall thumbs down. MUA-based solutions don't
gain traction. Blacklist-based systems don't stop SPAM. And
whitelist-based systems block the most important mail - "Your order has
been shipped" and "Please confirm your email address".
Wow... what a long message! I apologize, but I wanted to be thorough to
aviod confusion.
CU
Dobes
|
|