Spammers, phishers and other Internet bottom-feeders, be warned.
A key Internet standards body gave preliminary approval on Tuesday to a powerful technology designed to detect and block fake e-mail messages. It's called DomainKeys Identified Mail, and it promises to give Internet users the best chance so far of stanching the seemingly endless flow of fraudulent junk e-mail.
Yahoo, Cisco Systems, Sendmail and PGP Corporation are behind the push for DomainKeys, which the companies said in a joint statement will provide "businesses with heightened brand protection by providing message authentication, verification and traceability to help determine whether a message is legitimate."
The draft standard that the Internet Engineering Task Force adopted is more promising than most other anti-spam and antiphishing technologies because it harnesses the power of cryptographically secure digital signatures to thwart online miscreants.
The way it works is straightforward: if PayPal sends an e-mail notice to customers about their accounts, the company's outgoing mail server will quietly insert a digital signature into the legitimate message. (Because the signature is embedded in the message headers, it's generally not visible to human readers.)
Let's say the recipient has a Yahoo Mail address. Yahoo's mail servers can automatically check PayPal's Internet domain name listing to verify that the digital signature is valid and the message truly originated at Paypal.com. Signatures by authorized third parties are permitted as well, which is useful for outsourced e-mail.
If the signature doesn't check out, the message is probably spam--or a phishing attack designed to try to fool someone into divulging details about their PayPal account. While the DomainKeys standard doesn't actually specify that messages with invalid signatures should be flagged as junk, Internet service providers are likely to do just that.
DomainKeys explained
DomainKeys works by embedding a digital signature in the headers of an outgoing e-mail message. If the cryptographically secure signature checks out, the message can be delivered as usual. Otherwise, it can be flagged as spam.
Here's an example of an embedded DomainKeys header:
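An added illustration, not part of the original article or the DKIM authors' code: a constructed DKIM-Signature header for the hypothetical domain example.com, run through the receiver-side steps described above (find the signer's key record in the sender's DNS listing, then check that the body still matches the signed hash). The selector, DNS table, key value and message are all constructed, and the RSA check of the b= value is left out.

```python
import base64
import hashlib
import re

# Constructed stand-in for DNS: TXT data for the hypothetical domain example.com.
# A real verifier queries DNS for this name; the p= value is not a real key.
FAKE_DNS_TXT = {
    "mail2007._domainkey.example.com": "v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQ=",
}


def parse_tag_list(value):
    """Parse a DKIM 'tag=value; tag=value' list into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Whitespace inside the values used here (wrapped base64) is ignored.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def key_record_name(tags):
    """DNS name of the signer's key record: <selector>._domainkey.<domain>."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def canonicalize_body(body, method):
    """Apply 'simple' or 'relaxed' body canonicalization to CRLF-delimited bytes."""
    lines = body.split(b"\r\n")
    if method == "relaxed":
        # Collapse runs of spaces/tabs and drop whitespace at the end of lines.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # both methods ignore trailing empty lines
        lines.pop()
    if not lines:
        return b"\r\n" if method == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"


def body_hash(body, tags):
    """Base64 digest of the canonicalized body, to compare with the bh= tag."""
    body_method = tags.get("c", "simple/simple").partition("/")[2] or "simple"
    digest_name = tags["a"].split("-")[1]  # "rsa-sha256" -> "sha256"
    digest = hashlib.new(digest_name, canonicalize_body(body, body_method))
    return base64.b64encode(digest.digest()).decode()


def check_message(raw, dns_txt=FAKE_DNS_TXT):
    """Run the key-lookup and body-hash steps; returns (verdict, detail).

    Verdicts are labels chosen for this example: "none", "fail", "body-ok".
    """
    header_block, _, body = raw.partition(b"\r\n\r\n")
    # Unfold continuation lines so each header field is one line.
    unfolded = re.sub(rb"\r\n[ \t]+", b" ", header_block).decode("ascii")
    sig = None
    for line in unfolded.split("\r\n"):
        name, _, value = line.partition(":")
        if name.strip().lower() == "dkim-signature":
            sig = parse_tag_list(value)
            break
    if sig is None:
        return ("none", "no DKIM-Signature header")
    missing = [t for t in ("a", "d", "s", "bh", "b") if t not in sig]
    if missing:
        return ("fail", "signature lacks tags: " + ",".join(missing))
    if sig["a"] not in ("rsa-sha1", "rsa-sha256"):
        return ("fail", "unsupported algorithm " + sig["a"])
    record_name = key_record_name(sig)
    record = dns_txt.get(record_name)
    if record is None or not parse_tag_list(record).get("p"):
        return ("fail", f"no usable key at {record_name}")
    if body_hash(body, sig) != sig["bh"]:
        return ("fail", "body hash mismatch: body changed after signing")
    # Next step, left out here: verify the RSA signature in b= over the headers
    # listed in h=, using the public key from the record's p= value.
    return ("body-ok", f"key found at {record_name}; body matches bh=")


def build_sample(body):
    """Constructed signed message; b= is a placeholder because no RSA key is used."""
    bh = body_hash(body, {"a": "rsa-sha256", "c": "relaxed/relaxed"})
    headers = (
        b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
        b"\ts=mail2007; h=from:to:subject; bh=" + bh.encode("ascii") + b";\r\n"
        b"\tb=PLACEHOLDER\r\n"
        b"From: service@example.com\r\n"
        b"To: user@example.net\r\n"
        b"Subject: Account notice\r\n"
    )
    return headers + b"\r\n" + body


if __name__ == "__main__":
    message = build_sample(b"Your account statement is ready.\r\n")
    print(check_message(message))
    print(check_message(message.replace(b"statement is ready", b"has been suspended")))
```

The key record lives under the signing domain's own DNS zone, so a sender who does not control that zone cannot publish a key that would make a forged signature verify.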
All of these steps represent a belated effort to fix a fundamental problem with Internet e-mail: it was designed in a far more innocent era and came with little built-in security. (An additional benefit of fixing e-mail is that, besides targeting phishing attacks, DomainKeys can also help in identifying the kind of spoofed e-mail that led Engadget to falsely report last week that Apple's iPhone would be delayed.)
In the long run, DomainKeys is more promising than existing antispam and antiphishing technologies, which rely on techniques like assembling a "blacklist" of known fraudsters or detecting such messages by trying to identify common characteristics.
But spammers have invented increasingly creative counterattacks, such as inserting image advertisements in the text of messages and appending excerpts from news articles and fiction works in an attempt to defeat the popular antispam method of Bayesian filtering. That kind of counterattack is called Bayesian poisoning.
DomainKeys represents a radical shift in the arms race between phishers, in particular, and Internet users: it's effectively a tactical nuclear attack that can't be countered. The digital signatures, which use public key cryptography, are viewed as unforgeable.
But the DomainKeys approach does suffer from one serious, short-term problem: it's only effective if both the sender's and the recipient's mail systems are upgraded to support the standard.
Also, it does not do anything to flag junk e-mail sent by a legitimate company, or identify spam sent from a domain name with a true DomainKeys record. By restricting spammers to a limited set of domain names, however, Yahoo believes "a persistent reputation profile can be established for that sending domain" that can be updated over time and posted publicly.
Other advocates so far include antispam vendors and frequent e-mail senders: AOL, EarthLink, IBM, VeriSign, IronPort Systems, Cox Communications and Trend Micro.
MediaPost puts DomainKey adoption at 48 percent among large online retailers. But that doesn't include large ones such as Dell, Wal-Mart Stores, Target, Gap, Macy's and Circuit City, even though they would likely benefit from being able to send authenticated e-mail. Yahoo, on the other hand, has used earlier versions of DomainKeys to sign all outgoing e-mail since 2004.
The Internet Engineering Task Force's preliminary approval does make DomainKeys, or DKIM, an official proposed standard. But because it's the only technology that has achieved that status--Microsoft's competing Sender ID idea has not--it has a visible edge.
In a blog posting on Tuesday, Yahoo engineer Mark Delany said: "Everything hinges on wide-spread adoption. Now that DKIM is on Standards Track, the hurdle to global adoption has been greatly reduced, but not cleared. I joked earlier that someone might not have heard of DKIM, but the email industry is so big and diverse that evangelizing, education and encouragement are needed to ensure the success of DKIM."
While the Sender ID program is similar in principle to DomainKeys, its acceptance has been limited because Microsoft initially did not agree to license patents in ways that are compatible with the GNU General Public License. For its part, Yahoo has agreed to open up a number of its pending and granted patents for use with DomainKeys.
DomainKeys Identified Mail is a reworked and enhanced version of the DomainKeys concept initially invented by Yahoo. The newer version supports features like greater security and digital signatures by authorized third parties. A list of frequently asked questions describes how to configure an e-mail server to use DomainKeys.
This method might tell me that email from bob@aol.com really came from AOL, but it doesn't mean that Bob can't send me spam. Worse, will mail from my domain be automatically ignored because I don't own a big commercial domain? Given that the web is much more than large interconnected corporations, I don't see this affecting much more (hopefully) than phishing attacks. Not bad as far as that goes, I guess.
>> Worse, will mail from my domain be automatically ignored because I don't own a big commercial domain?
Unless it gets to the point that sites *only* accept mail from DK-enabled sites, you won't have a problem. Even if it comes to that, there are plenty of "How-To's" on the net for setting up DK for your domains (if you're clued enough to be able to run your own mail server, you should be clued enough to figure out how to set up DK).
That said, it should be interesting to see what kind of load key-verification will put on a mail system.
My new best buddy, Ron Jeremy (shhh, did you hear how BIG he was), who emails me at least 5 times a day, agrees that sender authentication is the cure for "performance problems". Wanna buy a Rolex watch cheap?
It seems that Microsoft has chosen the more traditional "blacklist" approach favoured by the new anti-spam platform sponsored by the French government, known as Signal Spam (http://french-law.net/index.php?option=com_content&task=view&id=38&Itemid=1)
Ya know... this is sooo stupid. Why screw around with all this spam BS and filters and rules... whatever. It takes a few minutes and all the e-mail providers can fix this problem tomorrow. Two words: WHITE LIST.
If you don't know what that is or how it functions do a search and read. In a nutshell; you have a list of e-mail addresses (white list) where you allow the mail to land in your inbox. All others.... you don't even see. Nothing to delete, filter and all those BS things people do nowadays.
If none of the spam comes in, obviously there is no money to send it. Spam can be eliminated within a week if everyone is using a white-list.
Yahoo, Google and others could provide a white list function but they don't want to. You have to ask them why. It's just plain stupid.
I started a webmail service with a white-list function, but the software is kinda slow. If you're interested to see how that works, check out the site: www.webmail-usa.com It's free and no ads or promo.
>> Yahoo, Google and others could provide a white list function but they don't want to. You have to ask them why. It's just plain stupid.
No they're not stupid. White list works OK for communicating with 'Friends and family'. But what about commercial websites, and 'contact us' emails you find in most of the websites?
By using digital signature I think they're trying to fix the problem at the root itself, which is good.
Whitelists assume an out of band method for communicating email addresses prior to first send. Otherwise, initial communications will simply be lost to the ether. Not good. Whitelists simply aren't practical for any but the most casual of mail users. This is particularly true for business email.
Using whitelists may be ok for individuals who don't care if their legitimate mail isn't delivered but it doesn't work for businesses.
Over 75% of the mail we receive is one time messages from customers. We certainly don't want them to jump through hoops if they are trying to reach the order desk or customer service.
And the majority of the mail we send out are automated order confirmations or acknowledgments.
Therefore, if a customer is using an ISP or system that requires some kind of response before delivering those messages, then they just won't receive their mail. There is no standard way of responding to a whitelist so we can't automate the process.
My historical society has a site with our email address on it. We want and encourage people to email us to join, send us email messages with news, opinions, etc. If we had a white list with only known addresses, how could we then get all the legitimate email inquiries we'd miss if they never reached our inbox - I don't have these strangers' email addresses to add to a white list so I'd never see those inquiries. Do they have to send me a postcard first with their email address on it so I can add it to the white list?
White List is a bad idea. What about that long lost friend who emails you, and you don't have them in your "White List" or address book.
I use GMail, and spam is pretty much non-existent. Maybe 1 in 200 spam emails will get through. Hotmail on the other hand, is 2nd grade (as are most Microsoft products). I still have an old Hotmail account, and it just fills up with spam constantly.
If spam bothers you, get a GMail account. www.gmail.com
The answer to spam lies in making the financials unattractive to the spammers.
Today, it costs them effectively nothing to send millions of messages. If the hit rate of someone who buys something is .01%, who cares, they still make money.
If a system were devised that charged $.0001 per email sent and ISP's played along by giving most "retail" users 10000 messages per month and large (legitimate) corporations (who sign up for some kind of authentication like DKIM) unlimited messages then the finances turn upside down and the profit for spamming goes away, or they at least get much more selective in who they send to.
Me, I can't see the arms race stopping since every technology used will have some form of hack that breaks the system (cryptology included, tell the folks from the MPAA that crypto systems are uncrackable) The solution has to lie in the financial equation.
So who will be in charge of collecting all the money income from sent messages? This idea is not new, and it was, if I remember correctly, Bill Gates' proposed solution for spam a few years ago. The reason why this solution isn't widely accepted is because of two reasons:
1. People are used to free email. Not many people are willing to pay for e-mail, even if it is a fraction of a cent. Besides, if email providers were to start charging for email, the price would undoubtedly increase with time. In time, it would come to be like snail mail, where you might spend $7 for a few stamps.
2. So who does the money go to? Microsoft? Yahoo? Both? The problem with charging for one of the basic internet services is that, the most successful company gets to call the shots. A chance for monopoly exists. Such a monopoly could compromise the open nature of the Internet.
Most of the spam sent today is by spambots. Therefore, your solution would punish the innocent (or people foolish enough not to have proper protection). We cannot do that.
I do not see how this will help stop SPAM from user PC's co-opted by malware trojans. It seems what this does is authenticate email from 'known good' domains- but AOL and Road Runner are 'known good' domains, are they not?
Generally, robots either aren't going to relay through an ISPs mail server, or, if they do, they won't have the authentication credentials necessary to do so. As such, even if mails originate from my network address space or purport to be from my domain, if they don't go through my mail servers, they won't have the stamp of validity to prove that they came from "known good domains".
Domain keys authenticates that an email came from a domain and was not forged.
Once Domainkeys is more widely adopted then people will be able to easily build blacklists or white lists that cannot be bypassed since forged email will be a lot more difficult.
We are still in phase 1, trying to get a larger percentage of the Internet to use Domainkeys so the system can become useful.
Right now you can only use it to be certain that a message is forged.
Spam is payback for "publishing" your email address on some website...who then either sold it or had it harvested.
Use one of the free email addresses whenever you're filling out a form on the web. Then the spam goes to that account, and you don't have to be bothered with it.
However I've had less spam on my "Fake" email account that I use for exactly the purpose you mention and more on my personal, "Friends and family email" that I only use for that purpose.
Plus I've created a couple of email accounts that never were used but which filled up with spam.
You may make your email address more likely to be spammed but it appears that there is more to it than just that.
It's not just on websites where email addresses are harvested. There are plenty of infected Windows PCs running malware that harvests email addresses from address books, mail files, etc. and spreads them around. All you have to do is have your email address in such a person's address book, or merely have a message in their mailbox file for it to be harvested for spam.
Ok so the world is developing ever more communication standards and technologies so really we need to take this kind of model and really iron it out over the years so that it might fit for all/most of the problems we have from communication. So far we haven't done that good a job, well at least I get junk mail I find useless rather often and such.
The thing about junk mail is that you don't get the kinds of things you get in spam.
It's much more narrowly targeted to someone that at least has a possible interest in the category. I don't give a rats a** about fake rolexes (nor real ones either, but that's another story) and would never buy one. No bulk mailing (of paper) would ever target me for such stuff, it costs too much.
BTW, junk mail does to some extent subsidize the cost of other first class mail. It's delivered pre-sorted to the PO which costs considerably less than the regular mail. So to some extent, junkmail is GOOD for the people who use other first class mail services. Whereas spam is just bad for everyone.
Again, no technology solution will ever work (in my mind). The only way to win is to wage a financial war.
How is DomainKeys the first standards track solution? SPF got on that track a couple of years ago and got a formal RFC published in April 2006 (RFC 4408). DomainKeys didn't get a published RFC until September of last year (RFC 4686).
If you don't GIVE your address out to every tom-dick-and-harry website that asks for it, you will NOT get spam (except on the extremely rare occasion that a spam server happens to do a random-alphabet send to everyone on your mail server...)
Train your users to STOP typing their email address into websites, and let them know that THEY'LL have to deal with the spam if they get it.
In many cases, people who never give out their addresses to websites get spam. It isn't rare at all. If you have an e-mail address on a popular domain name, rest assured you will get spam.
I'm sorry, but you have no clue what you're talking about. A lot of spam is generated by infected machines. If one of your friends/coworkers/acquaintances is infected and you send them an email, you will end up on a spam list. The spammer's robot programs will sift through the infected computer's files looking for email addresses. I have quite a few email addresses in use that are not public knowledge - they're used for data exchange. And they get spam frequently because of this.
Also, spammers try all combinations of email addresses hoping to get real ones. Why not - email is basically free to send. Especially when you're sending it from a compromised machine. Several times now I've created email addresses and had spam in them before I ever gave the address out.
While it's not wise by any means to give out your email to anyone who asks, it's certainly not the only way for the email address to get out. And once it gets out, it's out for good!
http://www.botmaster.net/more1/ if this thing can find its way around getting shut out of forums, an email version could probably be made too :(
Last week, I had Yet Another of the Nigerian scam messages. OE showed nothing in the To: file and looking at source, I could identify nothing to explain why =I= received it.
I trashed the message, so can't corroborate my statement with evidence. Oh well.
Last time I had a Niger offer, I fwd: that to my ISP and surprise (NOT!) there was no reply.
Meanwhile, only this morning, I received another kneejerk from a known contact -- her msg with 25 addys in the To: field no doubt spawned thousands of panic follow-ons about the dread "Olympic torch" virus threat. *sigh*
Such people never learn, no matter how many times you tell them it takes only seconds to google about suspect threats.
Niger is not Nigeria. Why should your ISP reply to you sending them a copy of spam you received? Most likely they're too busy dealing with the spam being sent by your fellow infected users' PCs than to have time to hold your hand and tell you how awful it is that you received a piece of 419 spam. Did they promise to block all spam from ever reaching you? Had you saved the message for examination, I'm sure your address would appear somewhere in one of the received headers. Send your friends to www.breakthechain.org and www.snopes.com
There are other headers such as "BCC:" and "Envelope-To:" that act in the same way as the To field from your end, so if you were viewing the full headers, and not just the shortened ones often shown in mail clients, then it would have been there somewhere, although it might have been hard to spot.
The nature of email and the internet means that spam and other threats will always be there in some form.. we can only aim to reduce its impact on our day to day lives. :)
In order to verify the signature, receivers need to have the sender's public key before they receive any email from that sender.
How will receivers get that? Do they use a trusted third party? I'd imagine they need to---if the public key is in the email, the DKIM method offers no security because any spammer could create a public key and sign the message.
A lot of spam comes from infected machines. It should actually be no problem for ISPs to spot sudden unusual outgoing email activity, and shut down that connection and inform the person that they need to clean up the machine, and only then let them get back on-line. If ISPs were serious about this, spambots would lose their appeal. But there are probably enough "disinterested" ISPs out there, that want their money no matter what goes through their cables. However, these would probably be not Major ISPs. If lots of SPAM comes through a particular route, the large ISPs could block that. Indeed Verizon at one point disrupted email from Europe to the USA by blocking major parts of it - claiming it as SPAM. This is of course ridiculous. But serious efforts on the part of ISPs to stem Spam at the source would definitively help.
If the ISP's simply blocked users from connecting to any port 25 outside of their own network a lot of spam would be forced to other channels. ISP's like Comcast, Charter, Road Runner refuse to block that because they don't want to deal with the small number of users who need to have the block listed to connect to their own outside SMTP.
Then why do I still get tons of spam in my yahoo account from other yahoo accounts? As a matter of fact I get spam from alleged yahoo accounts in all of my email accounts. I have accounts with Gmail, Yahoo, Earthlink, Hotmail....The only one that seems to have limited spam is Earthlink....Gmail's filters catch a lot, but on a daily basis I have 30-50 spam messages in my Gmail spam folder...with Earthlink, I rarely get spammed at all.
I already have enough trouble sending out newsletters to a list of 500 members and running into unintelligent blockers like SPAMCOP. At least Apple Mail and Yahoo Mail allow the user to determine what is really spam and what is not. I do not need some virtual nazi to take that choice away from me.
This seems to be a case where the cure is worse than the disease. Or technology running amok.
"Domain keys authenticates that a email came from "a domain" and was not forged."
Because this 'method' conveniently forgets that much of the spam is from *legitimate* accounts that are hijacked, say by malware (typically Windows, but not always) and it uses their accounts.
Besides, you can always forge the header just like you can forge the from IP address.
A more viable (but no more effective) solution is to look at the content, not the header, and note if the same content is sent to a large number of people, then go for further processing. So, essentially, the fruitless battle presently being fought. Either that or something like BlueFrog, but that does have its own issues.
Certificates are too expensive for home mail servers.
This is just a way to extract hundreds of dollars per year from home users who have their own email server. It won't work unless server certificates can be obtained and verified without paying the exorbitant prices charged by the likes of VeriSign and others.
Whitelists are better, even though they have the potential of annoying legit users.
At least that's the way I see it.
-tom
I don't know whether domainkeys can be a solution to prevent spam when already they are being used in spam mails.
I use a Hotmail account to use to sign up for almost everything. I figure MS deserves to hold my spam.
Translation: You're still going to get spam but just from the people we do business with.
-tom
It was submitted as an RFC, but it hasn't been approved even in a preliminary fashion.
How will receivers get that? Do they use a trusted third party? I'd imagine they need to---if the public key is in the email, the DKIM method offers no security because any spammer could create a public key and sign the message.
The assumption is that a spammer looking to forge the from would not be able to change the DNS record for a domain.
As long as these companies ARE behind it and Microsoft is NOT... it's bound to be a winner. (* CHUCKLE *)
Walt
I disagree. Until there is a native implementation in Microsoft Exchange that can be enabled in a few clicks Domain Keys won't go too far.
Too many enterprises live and die by their Exchange servers.
"Domain keys authenticates that a email came from "a domain" and was not forged."
SOMEONE PLEASE DEFINE "DOMAIN" - IN THIS CONTEXT!