Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Yahoo! Mail Now Using Domain Keys To Fight Spam

timothy posted more than 9 years ago | from the also-makes-great-sushi dept.

Spam 222

scubacuda points out this CNET story, writing "In addition to beefing up its storage (100MB -> 250MB), Yahoo! Mail has implemented Domain Keys to find spam. The idea is simple: give email providers a way to verify the domain and integrity of the messages sent. Sendmail, Inc. has released an open source implementation of the Yahoo! DomainKeys specification for testing on the Internet and is actively seeking participants and feedback for its Pilot Program. Yahoo! has submitted the DomainKeys framework as an Internet Draft, titled 'draft-delany-domainkeys-base-01.txt,' for publication with the IETF (Internet Engineering Task Force). The patent license agreement can be found here."

cancel ×

222 comments

GNAA OWNS YOU (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10840384)

GNAA Research: Was Jesus a NIGGER?
GNAA Research: Was Jesus a NIGGER?

Many people are surprised to discover that Christ was a black man, but when one looks at Christ's lineage one discovers that He has numerous Hamatic Ancestors, with Tamar, Rahab, Ruth, Naomi, Bathsheba and Jezabel being the most notable.

Here are the facts:

  • In ancient times, including Jesus' time, the Arabian peninsula was considered part of what we now call Africa, not "the Near East" or "the Middle East".
  • Christianity is frequently portrayed as "the White Man's religion". The truth is that most of the people in the Bible were people of color (i.e., not "Anglo"): Semitics, blacks, and Mediterranean, e.g., Romans.
  • In the United States today the general view on whether someone is "black" is the One-Drop Rule -- if a person has any black ancestors s/he is considered "black", even with a clearly Anglo skin color, e.g., Mariah Carry, Vanessa L. Williams, LaToya Jackson.
  • Jesus' male ancestors trace a line from Shem. However, ethnically and racially, they were mixed Semitic and Hamitic from the times spent in captivity in Egypt and Babylon. Rahab and probably Tamar were Canaanites. Although Canaanites spoke a Semitic language, they were descendants of Ham through his son Canaan. Bethsheba, who had been the wife of Uriah the Hittite, probably was a Hamitic (black) Hittite herself.

About GNAA Research

GNAA Research is a subsidiary of Gay Nigger Association of America, located in the United Kingdom. GNAA Research focuses on various controversial studies related to african-american and other racial issues.


About GNAA:
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the first organization which gathers GAY NIGGERS from all over America and abroad for one common goal - being GAY NIGGERS.

Are you GAY [klerck.org] ?
Are you a NIGGER [mugshots.org] ?
Are you a GAY NIGGER [gay-sex-access.com] ?

If you answered "Yes" to all of the above questions, then GNAA (GAY NIGGER ASSOCIATION OF AMERICA) might be exactly what you've been looking for!
Join GNAA (GAY NIGGER ASSOCIATION OF AMERICA) today, and enjoy all the benefits of being a full-time GNAA member.
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the fastest-growing GAY NIGGER community with THOUSANDS of members all over United States of America and the World! You, too, can be a part of GNAA if you join today!

Why not? It's quick and easy - only 3 simple steps!
  • First, you have to obtain a copy of GAYNIGGERS FROM OUTER SPACE THE MOVIE [imdb.com] and watch it. You can download the movie [idge.net] (~130mb) using BitTorrent.
  • Second, you need to succeed in posting a GNAA First Post [wikipedia.org] on slashdot.org [slashdot.org] , a popular "news for trolls" website.
  • Third, you need to join the official GNAA irc channel #GNAA on irc.gnaa.us, and apply for membership.
Talk to one of the ops or any of the other members in the channel to sign up today! Upon submitting your application, you will be required to submit links to your successful First Post, and you will be tested on your knowledge of GAYNIGGERS FROM OUTER SPACE.

If you are having trouble locating #GNAA, the official GAY NIGGER ASSOCIATION OF AMERICA irc channel, you might be on a wrong irc network. The correct network is NiggerNET, and you can connect to irc.gnaa.us as our official server. Follow this link [irc] if you are using an irc client such as mIRC.


If you have mod points and would like to support GNAA, please moderate this post up.

.________________________________________________.
| ______________________________________._a,____ | Press contact:
| _______a_._______a_______aj#0s_____aWY!400.___ | Gary Niger
| __ad#7!!*P____a.d#0a____#!-_#0i___.#!__W#0#___ | gary_niger@gnaa.us [mailto]
| _j#'_.00#,___4#dP_"#,__j#,__0#Wi___*00P!_"#L,_ | GNAA Corporate Headquarters
| _"#ga#9!01___"#01__40,_"4Lj#!_4#g_________"01_ | 143 Rolloffle Avenue
| ________"#,___*@`__-N#____`___-!^_____________ | Tarzana, California 91356
| _________#1__________?________________________ |
| _________j1___________________________________ | All other inquiries:
| ____a,___jk_GAY_NIGGER_ASSOCIATION_OF_AMERICA_ | Enid Indian
| ____!4yaa#l___________________________________ | enid_indian@gnaa.us [mailto]
| ______-"!^____________________________________ | GNAA World Headquarters
` _______________________________________________' 160-0023 Japan Tokyo-to Shinjuku-ku Nishi-Shinjuku 3-20-2

Copyright (c) 2003-2004 Gay Nigger Association of America [www.gnaa.us]

With from Nath0rn. I love you GNAA, have my babies.

Is this going to help? (2, Insightful)

Anonymous Coward | more than 9 years ago | (#10840392)

Can't spammers just get verified domains to send their mail from?

Re:Is this going to help? (5, Insightful)

mdfst13 (664665) | more than 9 years ago | (#10840440)

"Can't spammers just get verified domains to send their mail from?"

Sure, and if they do illegal things with their verified domains, those domains can be suspended and their purchase tracked. If they do legal but distasteful things with their verified domains, we can block the domain.

SPF, Sender/Caller ID, and Domain Keys are all basically identity verification services. They allow responses to emails that assume that the sender information is correct.

Re:Is this going to help? (0)

asuffield (111848) | more than 9 years ago | (#10840625)

If they do legal but distasteful things with their verified domains, we can block the domain.

Of course, you can already block their domain; none of these things actually help there.

Perhaps you are labouring under the illusion that it is expensive to setup a domain covered by this stuff. It isn't. Spammers will just continue as they always have.

Re:Is this going to help? (4, Informative)

luvirini (753157) | more than 9 years ago | (#10840686)

I think you are missing the point.

Today I can easily send mail seemingly coming from any domain. The idea with this is that the sender can be verified to come from the named domain. Ie. To stop domain spoofing.

Ofcuourse spamers can set up domains for the purpose of sending Spam, but they will be easier to track, as you can be sure the sender is actually connected to that domain.

Further many of todays Scam pretend to come from your bank, sent with authentic Email address. With this, if you get email from the bank, you can be sure atleast that the email came from the email server of that bank (though as usualy you should be careful)

Re:Is this going to help? (2, Insightful)

dnoyeb (547705) | more than 9 years ago | (#10841103)

This favors heavily webmail and other in-domain authorized sending schemes.

So now people will get the impression that you can now reject from addresses with domains that don't match the servers they were sent through.

But have you checked headers? Only time from addresses match the server address is with webmail or other in-domain type of sending mechanisims.

For instance, my domain is hosted on a remote server as a home user without mounds of $$$. But my smtp is comcast because that is my ISP. So the from will be my domain but the server will be comcast. So are we going to reject everyone else who refuses to use their ISPs email service but is forced to use their SMTP?

Re:Is this going to help? (1)

otprof (614444) | more than 9 years ago | (#10841351)

So are we going to reject everyone else who refuses to use their ISPs email service but is forced to use their SMTP?

In a word, yes.

Re:Is this going to help? (1, Interesting)

Anonymous Coward | more than 9 years ago | (#10840679)

wouldn't having the sending servers wrap up the headers and md5sum them also work?

99% of the time it's a spoofed header and if the sending server checks the from and sees that it does not match, it borks it back as refused to the sender?

if we simply remove the ability to create the header from the sender and only the server can then they have to put up servers and get blocked that way.

Re:Is this going to help? (4, Interesting)

Technician (215283) | more than 9 years ago | (#10840528)

Can't spammers just get verified domains to send their mail from?


Certanly.. Sending mail from your owned machine is a good start. Your machine, your MTA, your key, but not your message...

Expect more agressive attempts to find unpatched machines to become mail bots on the net.

Re:Is this going to help? (1)

jokumuu (831894) | more than 9 years ago | (#10840802)

In the case of a windows computer(as is the backbone of most botnets) there is normally no MTA configured. Instead the bots will install their own MTA, thus this stops such reasonably well.

Re:Is this going to help? (0)

Anonymous Coward | more than 9 years ago | (#10840836)

And what is Outlook Express using to send out e-mails?

It doesn't need to be a local MTA, it just needs to be there.

Re:Is this going to help? (5, Informative)

Anonymous Coward | more than 9 years ago | (#10840752)

firstly, there is a big difference between SPF and DomainKeys. SPF is an IP based solutions looking at the most recent IP address from where an email came. Unfortunately this breaks frequently given the prevalance of email forwarding systems (vanity domains and university email systems that provide life long forwarding) and thus, while SPF could be a positive step, it doesn't allow the receiving system to apply the reputation of a domain (or IP address) credibly and universally.

In contrast, DomainKeys is a signature based or crypto solution that uses a public private key set to enable a receiving mail provider to know definitively if the mail came from the domain it says it came from - regardless of the most recent (forwarding system) IP address.

Does this help? unquestionably. With a robust authentication system in place (DomainKeys) - Y! Mail can apply with more confidence the reputation engine - at Y! this is called SpamGuard and benefits immensely from user reports saying "spam" and "not spam". As other's have wondered in this thread, even if it's a new domain, with no reputation - this in and of itself is helpful and by definition more suspicious. If its not a new domain and spammers are just using domainkeys - the reputation can be enforced reliably.

DomainKeys provides definitive authentication of the sending Domain. I think of this as the first domino in a long line of Dominoes that needs to be knocked over to truly root out spam. The good news is that DomainKeys knocks this first one over in reliably providing identity of the sending domain - now it's up to the industry to keep knocking over additional Dominoes.

Big boys (3, Insightful)

martingunnarsson (590268) | more than 9 years ago | (#10840400)

This is exactly what we need, the really big companies can to a great deal to prevnt spam from being profitable. It all makes sense. If the major e-mail providers (Hotmail, Yahoo, Gmail etc.) find a way to prevent spam from reaching their inboxes, the number of people who recieve a certain spam message will be drasticly cut. It's also these big companies that have to pay the most for spam I think, in bandwidth and storage costs etc. I just hope the big players can descide on a single standard so we can see some action instead of just talk talk talk.

Re:Big boys (5, Insightful)

major.morgan (696734) | more than 9 years ago | (#10840498)

While I think ideas like DomainKeys are a step in the right direction, I don't think that the proposition that the "Big Boys" are the key to cutting back spam is on target. I get very little spam with hotmail, essentially none with gmail. I think the "Big Boys" can take care of themselves (and their users) alright, it's the myriad of small business domains, fansites, home based websites, misc. forums, etc. It's the little guys that are profitable (because they are easy) - simply due to their lack of involvement and in-depth technical savvy.

Any solution needs to be EXTREMELY widely adopted and easy to implement. In order to achieve this it has to be simple to understand, definately of friendly license and easy (and free) to implement on *ANY* MTA. Finally it must hold the promise to the small guy that it will reduce spam.

I would ask how many of you (or someone you know) has wound up on one of the RBL lists? Was it through a simple configuration error, from simply not understanding the implications of all of the configuration options or from just trying to solve a problem (such as the boss not being able to send mail)? At the same time, how many actually just check the RBL's on incoming mail? It's the simplest, cheapest way to reduce spam, yet....?

If most don't implement what we have already, we should anyone expect widespread implementation (key to success) of a new system?

Re:Big boys (1)

v01d (122215) | more than 9 years ago | (#10840691)

I would ask how many of you (or someone you know) has wound up on one of the RBL lists?

I have. It had nothing to do with me, the RBL (can't remember which) just screwed up. It took about a week to recover.

It's the simplest, cheapest way to reduce spam, yet....?

Yet, email is vital to the daily operations of the company. I can't hand control over to some group that is completely unaccountable.

Re:Big boys (1)

SillyNickName4me (760022) | more than 9 years ago | (#10840882)

> If most don't implement what we have already, we should anyone expect widespread implementation (key to success) of a new system?

The problem is that quite a few people have a very strong dislike of RBLs, and will not use them as a matter of principe. Others feel less strongly, but believe that the drawback of the RBL solution is bigger then what it gets us. (you can argue a lot about this, but there are people who feel that way, accept it as a fact for the sake of the discussion about domainkeys)

So, that people don't implement what is there has its reasons, and will not directly affect if peopel will implement things like domain keys or spf really.

Re:Big boys (2, Informative)

Jugalator (259273) | more than 9 years ago | (#10840507)

Gmail already support DomainKeys too.

Re:Big boys (1, Funny)

littlem (807099) | more than 9 years ago | (#10840623)

It's also these big companies that have to pay the most for spam I think, in bandwidth and storage costs etc.

Call me a cynic, but aren't the big companies the ones who make the most from spam, by selling the email addresses of their (non-paying, at least) customers to all comers? I'm afraid when MS and Yahoo are concerned about spam, I always think of dracula complaining about an excess of blood.

Re:Big boys (0)

Anonymous Coward | more than 9 years ago | (#10841288)

Domainkeys has to be implemented by the *sender* domain in order to be useful. If Yahoo implements it for all mail "From" @yahoo.com, then everyone can use that to determine wether a given mail really is from an authorized Yahoo user (as opposed to some spammer just forging a yahoo.com sender).

This wont do much for mail *arriving* at a yahoo.com mailbox, unless the domain it is 'from' also implements domainkeys.

FAUILRE (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#10840402)

nath0rn did not post this, he didnt put his name in the article, so we cannot verify this.. as such, it is invalid.

--Rucas

Re:FAUILRE (-1, Troll)

Anonymous Coward | more than 9 years ago | (#10840403)

OMG LET ME JOIN GNAA IT WAS MY POST LOL

Lameness filter encountered. Post aborted!
Reason: Don't use so many caps. It's like YELLING.

Re:FAUILRE (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10840415)

NEIN MEIN HERREN!

After A While In The Works... (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10840404)

Yahoo has actually been planning this for quite some time [yahoo.com] now, as their users, as seen in the link about 11 words ago, have been quite vocal about their problems with spam.

Re:After A While In The Works... (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#10840408)

whoa i never new about that thanks for the heads up

Re:After A While In The Works... (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10840411)

No problem man, just helping out where I can.

Re:After A While In The Works... (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10840435)

How'd this get modded offtopic?

Re:After A While In The Works... (1)

soyle (196995) | more than 9 years ago | (#10840743)

Probably because the submitted link ends up pointing to dc.h4xx.com rather than the indicated yahoo.com link.

I just RTFA... submarine patent potential (4, Informative)

Neo-Rio-101 (700494) | more than 9 years ago | (#10840413)

Well so far, the patent on Domain Keys *seems* pretty benign. All they seem to want is that if you implement it, Yahoo! wants the free advertising and their trademark to stay intact.

The point that worries me is that Yahoo still retain the right to alter this agreement at any time and (heaven forbid) change it to force licence payments.

I fear it may be used as a submarine patent.
Damn shame.

Re:I just RTFA... submarine patent potential (2, Insightful)

MavEtJu (241979) | more than 9 years ago | (#10840424)

You may continue under the terms and conditions of this Agreement or agree to the updated or modified terms and conditions.

So even if they change it, you don't have to change along.

But then, *every* description they give can be interpreted as a submarine patent, which is /. version of terrorism.

Re:I just RTFA... submarine patent potential (5, Informative)

zurab (188064) | more than 9 years ago | (#10840450)

The point that worries me is that Yahoo still retain the right to alter this agreement at any time and (heaven forbid) change it to force licence payments.

The license states that it is "sub-licensable":

1.1. Subject to the terms and conditions of this Agreement, DomainKeys Developer hereby grants You, a royalty-free, worldwide, sub-licensable, non-exclusive license under its rights to the Yahoo! Patent Claims to make, use, sell, offer for sale, and/or import Implementations.

IANAL, but to me it means that once I obtain this license, I can sub-license it to someone else without Yahoo! being involved in the contract. So, even though there is nothing preventing Yahoo! from charging for the license in the future, the licensors that would have already executed the license agreement would be under no obligation to do so. Those licensors would be able to sub-license the patents to new licensees under the original terms. So, there's no real problem there.

This, of course, is in sharp contrast to Microsoft's SenderID patent licensing scheme when the license granted by MS was "personal" and not sub-licensable. So, in effect, Microsoft would maintain control over any new licensee agreement. The Yahoo! agreement doesn't seem to suffer from the same impediment.

Re:I just RTFA... submarine patent potential (5, Insightful)

EJB (9167) | more than 9 years ago | (#10840465)

If you read the license thoroughly, you find that you may continue to use the old patent license when Yahoo updates it, at your choice ("If Yahoo! makes such a modification, You may continue under the terms and conditions of this Agreement or agree to the updated or modified terms and conditions.")

This very much like the clause in a well-known free software license, the GPL. ("you can redistribute [...] under the terms of the GNU GPL [...]; either version 2 [...], or (at your option) any later version.")

In theory, if Yahoo changes the license, new developers wouldn't be able to use the older license, so they could wait until the patent becomes popular and then demand payment from new licensees.

But there's hardly any danger of that becoming a problem, since: "3.4 You may choose to distribute [...] a sublicense agreement, provided that: [...] such agreement complies with the terms and conditions of this Agreement"

So as long as there is anyone who accepted the old license (I just did) who is willing to sublicense to a new developer (I will, free of any charge) under the old license, the new developer doesn't need Yahoo.

- Erwin

Re:I just RTFA... submarine patent potential (2, Insightful)

doctormetal (62102) | more than 9 years ago | (#10840612)

If you read the license thoroughly, you find that you may continue to use the old patent license when Yahoo updates it, at your choice ("If Yahoo! makes such a modification, You may continue under the terms and conditions of this Agreement or agree to the updated or modified terms and conditions.")

This very much like the clause in a well-known free software license, the GPL. ("you can redistribute [...] under the terms of the GNU GPL [...]; either version 2 [...], or (at your option) any later version.")


But what if, after some time, they make a small but significant adjustment to the specs and make that only available under the new version of the license?

In that situation implementation of the old spec is not a problem, but implementation of the new spec is.

Re:I just RTFA... submarine patent potential (1)

scum-e-bag (211846) | more than 9 years ago | (#10840683)

Then the new spec would be worthless as long as the old spec continued to stop spam. The licence allows you to sub-licence as many times as you wish. You can pass it onto yourself an infinite ammount of times, which should allow you to distribute as many versions of your software that incorporates the spec.

Strangely enough... (5, Informative)

cow_licker (172474) | more than 9 years ago | (#10840416)

GMail used it first.

http://it.slashdot.org/it/04/10/18/0236201.shtml ?t id=111&tid=217&tid=95&tid=1

Licence (4, Informative)

stewwy (687854) | more than 9 years ago | (#10840417)

Read the licence , seems pretty decent at first glance , they just want acknoledgement of their IP and the licence is p[erpetual so they can't revoke it unless you break their terms

Re:Licence (5, Interesting)

pe1rxq (141710) | more than 9 years ago | (#10840448)

Its a bit like the BSD with advertising license...
(Although only in source & object code so not on boxes or ads and stuff, but even object code is already a problem)
It seems reasonable at first (Just one line saying 'thank you Yahoo') but it has the same problem as the BSD license had: You end up with an ever growing amount of lines of all kind of people wanting the world to know you used a pieco of their 'IP'.

Imagine a helloworld program like this:

~$hello
Hello world
This program was compiled using the GNU C compiler ,Copyright The Free software foundation, Richard Stallman, etc
This program uses header files written by Linus Torvalds.
This program was linked against the GNU C library
This program was written in the C language which contains IP from K&R.
This program uses SCO owned IP.


Would it be a great world if all software was like this?

Jeroen

Re:Licence (2, Informative)

Anonymous Coward | more than 9 years ago | (#10840739)

Your point is good, but in case someone takes your hyperbole literally:

Advertising clauses typically only require acknowledgement wherever you already put your own copyright notices. So, using your example, the output of "hello -V" and the second page of your manual, if you had one, might have to contain the additional text. Mixing copyright notices into the expected regular output of your program would be silly.

Sadly, more spammers use this than legit sites (-1, Offtopic)

leonbrooks (8043) | more than 9 years ago | (#10840418)

The trouble with apathy is that nobody does anything about it. Even I used to be apathetic, but I've long since given up worrying about it.

Trouble for campus emails also (4, Insightful)

cloudkj (685320) | more than 9 years ago | (#10840422)

My college email account gets bombarded with fake emails claiming to be random financial institutions. All of academia needs to catch on to this trend fast also.

Re:Trouble for campus emails also (0)

Anonymous Coward | more than 9 years ago | (#10841314)

You misunderstand - if your college implemented it, then *other* people would be able to use it to verify the authenticity of mail sent from your college. To combat mail forged 'from' banks, the *banks* need to implement it for their domains.

Patents and Standards .... (3, Interesting)

Gopal.V (532678) | more than 9 years ago | (#10840433)

If it gets accepted as an RFC standard, I think we all deserve a royalty free patent grant :)

Or even better a patent grant for code under "OSI approved" licenses ... (*wishful thinking*)

Seems to be a very nice Public key based system using standard RSA algorithm too . But I still want my ogg streams over DNS ... not just Domain public keys :)

Re:Patents and Standards .... (1)

SillyNickName4me (760022) | more than 9 years ago | (#10840969)

Please read the patent license (link is in the writeup).

Storage (0, Offtopic)

BabyJaysus (808429) | more than 9 years ago | (#10840443)

Um... my storage has not changed from 100 MB to 250 MB. Am I missing something? - Do I need to actually RTFA?

Not that helpful in stopping spam (4, Informative)

auzy (680819) | more than 9 years ago | (#10840451)

Due to the way the can spam act works with the opt-out links, this doesn't really stop spam at all. Recent research pointed out that the majority of domainkey users so far have been spammers, because it makes it more likely they pass the spam filters. Its really no better then the techniques used now, especially because a large amount of spam isn't using spoofed addresses, but completely valid ones.

The problem with spam is slowing it down, whats really needed is a CPU intensive solution like the hashcash suggestion (like which has been suggested before), that way mass spammers can be differentiated from different users. While mailing lists may suffer due to it, with the addition of a standard mailing list protocol where you email a certain message to your mailing server, they send a message to the mailing list to subscribe on behalf of you, and for your account prevent the need to use hashcash.

The only way this could help spam is if Microsoft started charging for emails (which they have wanted to do for a while now).

Re:Not that helpful in stopping spam (5, Informative)

avel599 (413285) | more than 9 years ago | (#10840513)

Thank you! The title in this article is the common misleading thing about such 'caller ID' methods.

Bob Beck from the OpenBSD team says it better than me [onlamp.com] . (Read the whole interview btw, it's very very interesting).


What's my conclusion? SPF and caller ID does two things, which I would do if I were writing spam software:

1. Encourages spammers to publish SPF records (and they have).

If I were a spammer, I would publish SPF records for my throwaway domains to allow the places I'm spamming from. There's a nice site about SPF that tells me how to do it :) The biggest SPF adopters I see on my site (from No. 2 above) are spammers.

2. Encourages spammers not to spam from SPF-publishing addresses.

(And don't forget, this is what AOL and MSN *really* care about.)

Re:Not that helpful in stopping spam (3, Informative)

SillyNickName4me (760022) | more than 9 years ago | (#10841305)

> What's my conclusion? SPF and caller ID does two things, which I would do if I were writing spam software:

Now, while that line is correct, it also shows quite clearly what is behind Bob's statement (see below)

> 1. Encourages spammers to publish SPF records (and they have).

> If I were a spammer, I would publish SPF records for my throwaway domains to allow the places I'm spamming from. There's a nice site about SPF that tells me how to do it :) The biggest SPF adopters I see on my site (from No. 2 above) are spammers.

Yes, they can do that for sure.

> 2. Encourages spammers not to spam from SPF-publishing addresses.

> (And don't forget, this is what AOL and MSN *really* care abo

ANd it also happens to be what I as a small business and private user care about.

WHen I get an email from a site that publishes SPF records, I can have a reasonable level of confidence int hat it really comes from that site (ie, my bank, ebay etc etc).

It will also help reducing the flood of failure messages that result from anti virus software and mail viruses.

It will also help create an environment where we can held peopel responsible for what they send out since we have a reasonable assurance they indeed did send it.

Together this makes for an environment that also discourages spam, but that is not the primary goal of it, and it wont stop spam by itself.

It seems from reading the interview that Bob has a bit of an issue with SPF and similar for emotional rather then technical reasons. The way he says things (is this the interview?) is suggesting he believes SPF makes the situation worse. It appears to me however that 1. that is not the case, and 2. that opinion is mostly motivated by his support for the RBLs and not wantign alternative solutions.

RBLs are a bad solution because they create a bigger problem then the one they try to solve.

- It creates small groups of people with an insane amount of influence on email delivery, thereby putting power in the hands of people who can not be held accountable for their actions, but can disrupt things quite seriously.

- In order to be usable, an RBL has to be both very fast and very accurate. Those two are managable as long as there are few incidents only.

We do not need dictatorships or burocraciies to manage the flow of email, and they are more serious issues then spam in the end.

Re:Not that helpful in stopping spam (4, Insightful)

Jugalator (259273) | more than 9 years ago | (#10840517)

Recent research pointed out that the majority of domainkey users so far have been spammers, because it makes it more likely they pass the spam filters

However, I doubt this will hold true for long if enough mail providers start supporting it, companies starts registering them, and black lists with "bad domain keys" are created. Yes, it might take a while for all this to happen, but so would it do for many people to accept your suggestion.

Re:Not that helpful in stopping spam (3, Insightful)

cgreuter (82182) | more than 9 years ago | (#10840707)

Recent research pointed out that the majority of domainkey users so far have been spammers, because it makes it more likely they pass the spam filters. Its really no better then the techniques used now, especially because a large amount of spam isn't using spoofed addresses, but completely valid ones.

It's a common misconception that things like SPF and domain keys are tools for stopping spam. They're not. They're infrastructure to be used for building anti-spam tools.

The real advantage to domain keys is that there's an immediate advantage for using them. Senders benefit because it gives their messages more credibility (making it practical for people to, for example, whitelist mail from yahoo.com,) and receivers benefit because they can identify some spoofed messages with absolute certainty, saving some bandwidth and thwarting some phishers. The more implementers there are, the more valuable the system becomes and the more implementers there will be.

And once anti-spoofing is in place, then we can leverage those into anti-spam techniques to root out throwaway domains. (E.g. seriously throttle the incoming connection from any domain that is blacklisted, doesn't implement authentication and that has not sent out at least one message a month for the last six months.)

Re:Not that helpful in stopping spam (1)

Reverant (581129) | more than 9 years ago | (#10840888)

I would *hope* that spammers start using DomainKeys, because when they do, to send their spam, they effectively "tag" their mails with their private/public key. So, when you get a "signed" spam email, you submit it to "version 2" of SpamHaus, which should now not only block IP addresses, but also domains based on the public key. That makes our lives a whole lot easier.

The point here is that DomainKeys is not by itself a solution, as is not an SPF or a SBL. You need both to be very effective.

Re:Not that helpful in stopping spam (1)

advocate_one (662832) | more than 9 years ago | (#10841095)

The problem with spam is slowing it down, whats really needed is a CPU intensive solution like the hashcash suggestion (like which has been suggested before), that way mass spammers can be differentiated from different users.

fix isn't to slow it down, the fix is for Microsoft to fix their borked OSes and make it impossible for them to be zombified... then spammers will have to go to using more awkward methods. In the meantime, ISPs should be more proactive and toss zombied boxes off the network. Users will soon get the clue when they cannot connect.

Personally, I'm of the suspicion that it's all a conspiracy to push a technical solution on us from above making it mandatory to only connect with certified clean boxes. And wondrously so, Microsoft and the hardware manufacturers will magically appear with the solution in the form of new hardware and software.

I can't wait for my 250MB. (2, Funny)

PeteDotNu (689884) | more than 9 years ago | (#10840461)

After all, I'm using an entire 1% of my current 100MB allowance. That extra 150 will really come in handy.

It's not to fight spam, it's to prevent forgery (4, Insightful)

RollingThunder (88952) | more than 9 years ago | (#10840476)

As I understand it, the biggest benefit of domainkeys is not the person that is receiving the mail from a dk-enabled domain, but rather the dk-enabled domain stops seeing so many bounces coming back from people claiming to be them.

Instead, when a spammer tries to send a dk-enabled recipient, faking a dk-enabled domain, the recipients MTA rejects immediately, rather than bouncing, which would go to the wrong place.

Domainkeys don't mean "not spam". They mean "this MTA is authorized to send on our behalf". That MTA may well be a spam-friendly MTA.

Except this will break my Email (2, Insightful)

Macka (9388) | more than 9 years ago | (#10840651)


The only problem with this solution is that it's going to make sending email virtually unusable for people like me. I work for myself, and have my domain and email inbox provided by a hosting company. When working from my home office I connect to the net using a local broadband ISP and I have to use their SMTP server for sending mail. I can't use my hosting company's server cos I'm outside their network. Similarly, when I'm away from my office, I connect to the net using GPRS and use my mobile provider's SMTP server. And sometime if I'm on a clients network I'll use their SMTP server instead.

In all those cases it doesn't matter where I'm sending from, cos the From: and Reply-To: headers point back to my domain, so when people reply to me their email goes to the right place. It's even more important these days with spam filters in front of everyone's Inbox that my From: field correctly identifies who I am. And from a business point of view that has to remain consistent.

The Yahoo site describing this states that for DomainKeys to work, the domain is extracted from the From: field, a DNS lookup fetches the public key, and that is then compared to the email's private key to confirm the email came from the correct place.

For me this is always fail, whether I'm working from home, or I'm out on the road. Basically, it's a complete disaster. Right now I'm not sure how I'd get round that.

I can't be the only person this would screw up. There must be tens of thousands of other people out there who legitimately use email this way and would be badly affected by this.

Re:Except this will break my Email (2, Informative)

Ewan (5533) | more than 9 years ago | (#10840673)

It is a bit of a pain, but if it's a decent hosting company it will be implementing SMTP with authentication for you to use, to send emails via them instead of whichever ISP you are connected to.

Pretty much every mainstream email client now supports it, and a any decent hosting company selling you service should support it too.

Ewan

No, it won't. (2, Informative)

warrax_666 (144623) | more than 9 years ago | (#10840774)

You're confusing the the envelope From (ie. where bounces and suchlike go) and the From: mail header. DomainKeys/SPF still allow completely arbitrary From: mail headers.

Re:No, it won't. (2, Insightful)

DrSkwid (118965) | more than 9 years ago | (#10841050)


Nothing to do with the Envelope, all to do the with the RFC822 message :

http://antispam.yahoo.com/domainkeys

"When each email is sent by an authorized end-user within the domain, the DomainKey-enabled email system automatically uses the stored private key to generate a digital signature of the message. This signature is then pre-pended as a header to the email."

"The DomainKeys-enabled receiving email system extracts the signature and claimed From: domain from the email headers and fetches the public key from DNS for the claimed From: domain."

This is good news for our roving buddy, all he needs is a way to sign the message himself.

This also means that you could sign and send the messages on *any* machine so long as you had the private key handy.

I wonder how long it will take for people to realise that their private key has been stolen and is being used to sign spam ?

Re:It's not to fight spam, it's to prevent forgery (2, Insightful)

garver (30881) | more than 9 years ago | (#10840878)

IMHO, fixing forgery will go a long ways toward fixing spam. Spammers can not only be anonymous, but they can even spoof legitimate addresses. Remove that anonymity by tying them to a domain, which is registered, and we can hunt them down and have our way with them.

Think about your inbox. Immediately remove the scam mails spoofing banks, etc. Now, bring the ones from known good domains to the front and push known bad domains to the back. Finally, mark the spam and your MUA automatically notifies the domain's registrar that the domain is being used for spam. The registrar could revoke the domain or maintain a signal to noise ratio and let you decide.

Should work for virus mail too then (1)

steve_l (109732) | more than 9 years ago | (#10840889)

I hate my inbox being full of bounce mail from viruses; domainkey and SPF can make it easier for auth systems to silently kill it.

Of course, I suspect this won't happen because even today, when all virus mail uses forged sender addresses, too many virus scanners insist on sending "your email has a virus, here it is attached" responses, despite the fact the up-to-date virus scanner could trivially have a flag to say "spoofed, delete it" next to the fancy virus signature stuff you have to pay $$ for.

Should be free (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10840483)

Saying that music should be free because it is easy to copy is like saying you should be dead because you're so easy to kill

Idea simple... too simple (1, Informative)

IBitOBear (410965) | more than 9 years ago | (#10840512)

Like nay good quick fix, this is "good idea" from the pre-history of fact.

Spam sent from zombie (pwned) machines and open relays will all come from valid domains.

Forged from locations *also* can come from valid domains.

For an idea to be good it has to be "simple" _AND_ "effective".

This will just encourage less traceability and cut of legitimate and careful operators.

Consider I have a domin, I do tiny bits of email, my *reverse* domain is going to show up as bunch-of-numbers-provider-tld, which won't match my sendings unless I pay lots and lots of money to my provider (Ok, I'll say it, "Comcast") for a business account wiht a proper inverse DNS entry.

So this is shaft common people and encourage virus/trojan writers and open the door for profiteering.

Yea... that'll help a hell of a lot.

Re:Idea simple... too simple (1)

samael (12612) | more than 9 years ago | (#10840530)

You have a domain - why aren't you using _it_ as your SMTP server? Then you would set it up with a domainkey and bingo - you'd be unforgeable.

Re:Idea simple... too simple (1)

a24061 (703202) | more than 9 years ago | (#10840633)

I agree. I already have trouble with arrogant admins blindly using dynamic IP blacklists and telling me I should use my ISP's unreliable SMTP servers. This will just make matters worse, as my e-mail address uses my registered domain rather than my ISP's, so it will be impossible for me to get my domain to match the IP my mail comes from.

Re:Idea simple... too simple (0)

Anonymous Coward | more than 9 years ago | (#10841109)

Read the domain keys draft. What IP you are on is irellevant. What matters is whether or not you have access to DNS so you can make a domain key available in the zone for your domain. If you can do that you can sign your mails with the private key and send it through whatever mail server you want and the signature will verify correctly.

Re:Idea simple... too simple (1)

kiddygrinder (605598) | more than 9 years ago | (#10840692)

Actually, a zombie will not be able to provide a matching domain key unless it generates it based on it's current ip address. So yes, it will shaft common people, and no, it won't benifit virus/trojan writers. Seriously, some chick at my work gets over 1.2k spams a day, if i don't have to try to slow them down again, I'll give satan i nice iced lolly.

Re:Idea simple... too simple (4, Informative)

Brian Blessed (258910) | more than 9 years ago | (#10840930)

Consider I have a domin, I do tiny bits of email, my *reverse* domain is going to show up as bunch-of-numbers-provider-tld, which won't match my sendings unless I pay lots and lots of money to my provider (Ok, I'll say it, "Comcast") for a business account wiht a proper inverse DNS entry.

This doesn't make any sense. If you have your own domain then you will just put the DK public key in the record for that domain. It doesn't matter what your sending IP address reverse-resolves to, because that isn't how Domain Keys works. You can even relay the signed mails through your ISP because, once signed, their authenticity can be verified regardless of the MTA that is passing them on.

- Brian.

the tollgate for the next "eyeballs" of the net... (3, Insightful)

Anonymous Coward | more than 9 years ago | (#10840515)

I prediced when they first came up with this idea, that owners of large numbers of "free" mailboxes would promote this idea wrapping themselves in the flag of fighting spam - but later they will turn it around and use it to bill companies for access to those mailboxes.
How? you ask (or not)

1. Company BigBox declares "All mail destined for our free mail accts must use Yahoo! Domain Keys (TM, R, SM, Patent #suckitlosers)"

2. Their mail servers count the number of emails signed by company X. (incrementing a long int counter associated with cert X in postgresql or yoursql is much less expensive than the YDK verification process)

3. They send a bill for USD 0.01 per email to the (email) address associated with the signing cert for company X during a given month.

4a. Company X says fuck off and doesn't pay the bill, BigBox tags Company X's cert record in their db and which blocks all incoming emails signed by that cert at the mail server untill the bill is paid.
4b. Company X tries to say "we didn't send that many emails to your captive eyeballboxes, it was Bad People (TM) who did it with our cert" BigBox says "Then you should have revoked your keys, beeeyyyyoutch!"

Don't say I didn't warn you - I even tried to make a long bet [longbets.org] about it because at the time we didn't know how long it would take before the major players would implement YDK - and I wanted Yahoo! to bet against me, so that they couldn't disingenuously act as if they had never heard/thought of that use for Yahoo! Demon Keys.

Re:the tollgate for the next "eyeballs" of the net (0)

Anonymous Coward | more than 9 years ago | (#10840588)

some smart people browse at "0", you are a a smart guy and you are correct

will i mod you up? no. i never have modded anyone up or down in my life (but i have posted over twenty posts as AC that immediately shot to +5) the reason... i post real juicy dirt and provocative facts.... just as you do.

your prediction is a valid one

Re:the tollgate for the next "eyeballs" of the net (0)

igaborf (69869) | more than 9 years ago | (#10840851)

5. Company BigBox's customer says, "I'm supposed to be getting mail from Company X and it's not showing up in the mailbox I'm paying you for. Deliver my fucking mail RIGHT NOW or cancel my fucking account and refund my money."

Put your tinfoil hat back in the closet, AC.

Re:the tollgate for the next "eyeballs" of the net (0)

Anonymous Coward | more than 9 years ago | (#10840896)

or cancel my fucking account and refund my money.

The reason why no tinfoil is involved and why this will happen is the same reason google can display ads on your gmail box - to support the free service that they are giving you for free .

It will become acceptable to charge companies for access to large herds of eyeballs (that gathered there because something was free) - that is my bet/prediction. And it will be accepted because "it is a good way to reduce spam and support free services".

I hope I'm wrong, but I won't the way things are going.

Patent it (1)

codepunk (167897) | more than 9 years ago | (#10841211)

Well if this is what is going to happen then why don't you patent it? This would probably be covered nicely by a business method patent. When they start doing it you sue the hell out of yahoo and retire.

PGP Signing? (2, Insightful)

Anonymous Coward | more than 9 years ago | (#10840516)

I'm probably wrong, but this sounds like automatic PGP signing on outbound emails, at a domain-based level.

It's too bad webmail and other MUAs don't include PGP as a more standard option.

Re:PGP Signing? (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10840533)

yes, you are wrong

Re:PGP Signing? (1)

kiddygrinder (605598) | more than 9 years ago | (#10840697)

It's pretty much the same principle, except it's at a domain level (I believe) rather than a individual level.

Re:PGP Signing? (0)

Anonymous Coward | more than 9 years ago | (#10841085)

The "level" isn't defined. A minimum of one selector needs to exist for a domain in order to use domain keys, but the upper number is unbounded so it's quite possible to use a selector per user.

One major drawback (1, Funny)

OSXpert (560516) | more than 9 years ago | (#10840535)

The only possible flaw i see in this system is that now, in soviet russia, spammers can block Yahoo. Is this fixable or does Yahoo just have to deal with this?

opening myself up to ridicule (1)

circletimessquare (444983) | more than 9 years ago | (#10840576)

how would one implement dk with iis's smtp service?

and yes, this is an honest question

DomainKeys breaks RFC 2821 and 2822 (5, Informative)

spafbnerf (749681) | more than 9 years ago | (#10840581)

RTFA [circleid.com] . Interesting reading on what may hinder adoption of DomainKeys for some.

Re:DomainKeys breaks RFC 2821 and 2822 (0)

Anonymous Coward | more than 9 years ago | (#10840892)

Um, there is no way you can verify the integrity of the headers unless you make them immutable. So DomainKeys isn't broken. The RFC is broken and needs to be fixed.

Pity about the MTAs that do change the header.

John Roth

How is this so much better and easier than SPF? (1, Insightful)

Anonymous Coward | more than 9 years ago | (#10840595)

Why do we need something else than SPF? SPF is open, easy and already working in many places. It doesn't need vastly new software or much special at all.

All you do is to add a TXT record to your domain and write down which addresses are permitted to send mail in your name.

http://spf.pobox.com/ [pobox.com]

Re:How is this so much better and easier than SPF? (3, Informative)

Anonymous Coward | more than 9 years ago | (#10840745)

Actually there is a big difference between SPF and DomainKeys. As you point out, SPF is an IP based solutions looking at the most recent IP address from where an email came. Unfortunately this breaks frequently given the prevalance of email forwarding systems (vanity domains and university email systems that provide life long forwarding) and thus, while SPF could be a positive step, it doesn't allow the receiving system to apply the reputation of a domain (or IP address) credibly and universally.

In contrast, DomainKeys is a signature based or crypto solution that uses a public private key set to enable a receiving mail provider to know definitively if the mail came from the domain it says it came from - regardless of the most recent (forwarding system) IP address.

Given that Y! approached DomainKeys with an opensource license and implementations (http://domainkeys.sourceforge.net) are already available from qmail, sendmail and CERN has developed an exchange implementation, it's a pretty easy path to a better solution that SPF.

Yes, but this isn't what is important (4, Insightful)

Trestop (571707) | more than 9 years ago | (#10840988)

What's important is that DomainKeys signs the content of the email itself, so you know not only that this email came from an approved sender, but also it wasn't tampered with on the way. As a result remailers that add content (such as mailing lists) will have to re-sign the messages passing through or remove the DomainKeys headers at all, which is quite a headache.

Spam and patents (4, Insightful)

Elektroschock (659467) | more than 9 years ago | (#10840613)

Software patents are bad for the market and patents that have to be granted royality-free are not worth the transaction cost burden the software company pays to the patent industry (= patent professionals). Patent trolls contribute much to market insecurity in the software market.

I hope in Europe we will get safe from software patents [nosoftpatents.com] . It is worth to fight for that.

I don't believe that conceptual protection of software was bad but patents ARE the wrong instruments. Players such as FFII's Hartmut Pilch propose Industrial Copyright to fill the gap. It there is a gap.

For the EU Patent directive European market players [protectinnovation.org] need certain amendments [ffii.org] into the directive.

Yahoo could save wasted money.

To find out more about patents I recommend a short introduction text of FFII [ffii.org] .

Necessary Evil (1)

Trestop (571707) | more than 9 years ago | (#10840823)

While software patents are indeed evil, the situation would have been worse has Yahoo not take out a patent on the algorithm.

Being a highly visible algorithm, its quite likely that has it not been patented already, someone (for example, a large software corporation, hint hint) would just go ahead and patent Yahoo's DomainKeys instead - or maybe just something similar enough that will be called, maybe, "Authenticated Sender Identification". US Patent office officials, being dumb enough or greesed well enough will just pass it w/o due examination and then said corporation can just go ahead and sue everyone deploying a mail server with Domain Keys!

Now, of course the best solution would be to have software algorithms not patented (in the US and elsewhere), but that being no more then wishful thinking the next best thing is exactly what Yahoo has done.

I myself thank them for that.

OFF Topic! (0, Offtopic)

Donny Smith (567043) | more than 9 years ago | (#10841115)

WTF?

Your posting is named "Spam and Patents" and there's not a single thing about spam (except in the subject).

Your posting, Sir, is non-relevant and off-topic.

How will I grow my penis size now? (1, Funny)

Anonymous Coward | more than 9 years ago | (#10840614)

Or help rescue Nigeria? View sexy cheerleaders? Take the blue pill? Discover better Dell deals? Get flat screen plasma TVs for free? Huh? Huh?

Re:How will I grow my penis size now? (0)

boutell (5367) | more than 9 years ago | (#10840807)

You forgot your rolex.

Hope this helps.

Wait a minute - what about pop3 accounts (-1)

Anonymous Coward | more than 9 years ago | (#10840626)

I have a pop3 yahoo account. I pay for the ability to send and receive yahoo emails from outlook. However, I have to use my isp's mail server to send with yahoo's return address. Does this mean my emails will be rejected?

DomainKeys and Spamassassin (1)

Anonymous Coward | more than 9 years ago | (#10840631)

I don't think this will take off until there is an easy way to plug this into Spamassassin.

Call me a cynic but... (4, Insightful)

TooCynical (323240) | more than 9 years ago | (#10840655)

In all reality, this is just driving toward another revenue stream for them. It is much easier to charge Spamers a fee to reach you than it is to get you to pay 19.99 a year for Mail Plus.

Re:Call me a cynic but... (1)

adzoox (615327) | more than 9 years ago | (#10841004)

The article has nothing to do with how spammers can send email if they have Premium accounts.

I have a premium yahoo account. I was pleased yesterday to find it had jumped to 2GB of storage and the attachment size had jumped from 5MB to 25MB.

The other thing I noticed though is that you can only send to 10 recipients at a time and it won't send ANY email if one of those addresses is an invalid email account or is even port blocked.

I tested this out several times yesterday.

I do believe you are correct that this is a push towards revenue for Yahoo.

Think about it:

The more space that is available, the less they have to deal with their #4 customer complaint - my inbox is full and bouncing email!

Also, Yahoo cleverly markets to you eventhough they say they don't sell your email address. Bulk lists of users are available to most anyone by making a bot to find yahoo domain email addresses. For instance; find all email addresses that begin with "a" and end with "@yahoo.com" (That finds me) - guess who makes and sells a tool that can do that? (Psst...yahoo)

Why is everyone so hopped up about junk e-mail.. (0)

Anonymous Coward | more than 9 years ago | (#10840721)

..in comparison to the amount of paper junk that appears at their front door?

It seems every nerd and his dog only understand computers and go on and on about this major threat to humanity. Outside their bedroom, in real life, huge amounts of environmental waste is being created from paper junk mail.

Nerds need to switch off their computer once in a while, wash the dried in sperm off their hand and step outside to their mail box and see where the real problem is.

MOD PARENT DOWN (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10840759)

TROLL

Re:Why is everyone so hopped up about junk e-mail. (-1)

spafbnerf (749681) | more than 9 years ago | (#10840794)

It's pollution of our internet man....

ShW1t... (-1, Troll)

Anonymous Coward | more than 9 years ago | (#10840830)

havi8g lost 93% [goat.cx]

I use it, it sucks (1)

walterbyrd (182728) | more than 9 years ago | (#10840986)

I use yahoo email. It's okay, but the spam checking feature sucks.

It seems to work in almost arbitrary fashion. It never "learns" like it is supposed to. No matter how many times I indicate that certain senders are not spam, or that certain senders are spam, yahoo files emails from certain senders in "bulk mail" other in my standard inbox.

Since I have to check both my "bulk mail" and inbox anyway; there is little benefit to yahoo's spam checking. I appreciate the effort, But, it doesn't work well enough to be very helpful.

Re:I use it, it sucks (1)

The Cisco Kid (31490) | more than 9 years ago | (#10841347)

domainkeys is a way to tag your *outgoing* mail with a signature, to enable others a chance to determine if a mail 'from' your domain is valid, or is a forgery.

It has nothing to do with incoming mail unless the sender domain of a given peice of mail uses it, then if you get a mail claiming to be from that domain, you could check it. So before it will have much of an impact, *lots* of domains will have to implement it. But since (at one point at least) the big freemail providers domains were popular for forging as the sender of spam, this will help everyone to be able to identify and block or devnull that..

cheers! netscape is being revived ! (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10840998)

based on the firefox's popularity they have plans to revive netscape - check the news - somebody pls post it here in /.

http://www.betanews.com/article/Netscape_Revived _W ith_Firefox_Backing/1100641540

Why not a different approach (1)

halftrack1950 (831918) | more than 9 years ago | (#10841143)

Most spam is designed to generate a purchase using a credit card. Most credit card companies are controlled by US companies. Why not go after the spam sites merchant accounts and get the cooperation of the credit card companies to shut them off.

Hosting multiple domains (1)

IgorMrBean (528387) | more than 9 years ago | (#10841356)

I'm wondering about that, because, as a hosting provider, we host a lot of domains.

By reading this proposal, it means that each domain will need a pair of private/public keys.

My customers will probably don't care about that, and will require that we take care of handling dozens of keys... that can be a mess for hosting compagnies....
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...