RE: yahoo to use public key technology for anti-spam
I'm not connecting to an open relay. When I pay for service at the local internet café, part of what I get for my money is time on their SMTP server. ..ditto when I pay for cable modem, as I am doing right now. My cable modem provider is cablespeed.com and SMTP server is mail.cablespeed.com. As far as I know, it's available only to its legit subscribers. However, at the end of the month, I'll be signed up with a different cable modem provider. That relationship will last a couple of months, and then I'll be with a different one. Each of these is legit. None is an open relay. But, I don't want to send change-of-address notes out to all my friends every time I change - so I receive through (and identify myself via) a remailer at acm.org. - Carl +--+ |Carl M. Ellison [EMAIL PROTECTED] http://theworld.com/~cme | |PGP: 75C5 1814 C3E3 AAA7 3F31 47B9 73F1 7E3C 96E7 2B71 | +---Officer, arrest that man. He's whistling a copyrighted song.---+ > -Original Message- > From: Anton Stiglic [mailto:[EMAIL PROTECTED] > Sent: Sunday, December 07, 2003 2:11 PM > To: Carl Ellison; 'Will Rodger'; 'Steve Bellovin'; > [EMAIL PROTECTED] > Subject: Re: yahoo to use public key technology for anti-spam > > > - Original Message - > From: "Carl Ellison" <[EMAIL PROTECTED]> > To: "'Will Rodger'" <[EMAIL PROTECTED]>; "'Steve Bellovin'" > <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Sunday, December 07, 2003 8:44 AM > Subject: RE: yahoo to use public key technology for anti-spam > > > > I, for one, hate the idea. My From address should be > [EMAIL PROTECTED] That's > > my remailer where I receive all my incoming e-mail. > However, my outgoing > > SMTP server depends on which cable modem provider or hot > spot I happen to > be > > at the moment. It would be that SMTP machine that signs my > outgoing mail, > > not acm.org who never sees my outgoing mail. > > But you should be sending mails via *your* SMTP server, and should be > connecting to that SMTP server using SSL and authentication. > Open relays > encourage spam. People shouldn't be relaying mail via just > any SMTP server. > > --Anton > > - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: yahoo to use public key technology for anti-spam
Dan, Using your own SMTP from a dynamic IP (cable, DSL and modem access, for example) fails because of (the brain-dead) black-listing of dynamic IP blocks to prevent spam -- see http://dynablock.easynet.nl and http://www.pan-am.ca/pdl/ Also, as seems to be the norm now, most viruses come with a primitive SMTP engine built into them -- which, again, taints dynamic IPs (since many home machines are inflected). Cheers, Ed Gerck Dan Geer wrote: > I'm actually experimenting with sending mail directly, > per this little hack[1], which does have separate paths > for incoming and outgoing, but does not rely on the local > hotspot/whatever. > > --dan - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: yahoo to use public key technology for anti-spam
[EMAIL PROTECTED] wrote: Does anybody know what has become of the low-tech, no-cryptography-needed RMX DNS record entry proposal? A google search for "rmx dns" without quotes brings up as its first hit the Internet Draft at IETF which is dated October 2003. The subsequent hits show lots of discussion about it. You might also be interested in http://spf.pobox.com which seems to be a similar proposal that extends the MX record rather than define a new rmx record. To bring it back to the cryptography topic of this list, the draft proposal for rmx brings up a problem with crypto solutions that I did not see mentioned here yet. I'll just quote the relevant paragraph from the Draft rather than summarize it. Note that the draft states that it specifies only non-cryptographic mechanisms but still allows use of cryptography. [begin quote] 2.4. Shortcomings of cryptographical approaches At a first glance, the problem of sender address forgery might appear to be solvable with cryptographic methods such as challenge response authentications or digital signatures. A deeper analysis shows that only a small, closed user group could be covered with cryptographical methods. Any method used to stop spam forgery must be suitable to detect forgery not only for a small number of particular addresses, but for all addresses on the world. An attacker does not need to know the secrets belonging to a particular address. It is sufficient to be able to forge any address and thus to know any secret key. Since there are several hundreds of millions of users, there will always be a large amount of compromised keys, thus spoiling any common cryptographic method. Furthermore, cryptography has proven to be far too complicated and error prone to be commonly administered and reliably implemented. Many e-mail and DNS administrators do not have the knowledge required to deal with cryptographic mechanisms. Many legislations do not allow the general deployment of cryptography and a directory service with public keys. For these reasons, cryptography is applicable only to a small and closed group of users, but not to all participants of the e-mail service. [end quote] -- sidney - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: yahoo to use public key technology for anti-spam
>Does anybody know what has become of the low-tech, >no-cryptography-needed RMX DNS record entry proposal? Versions of it are bouncing around in the IETF anti-spam research group. The one with the most traction appears to be Meng-Weng Wong's SPF which is rather too complex for my taste. Regards, John Levine, [EMAIL PROTECTED], Taughannock Networks, Trumansburg NY http://www.taugh.com - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: yahoo to use public key technology for anti-spam
- Original Message - From: "Steven M. Bellovin" <[EMAIL PROTECTED]> > I use a variety of email addresses, for various reasons. I have my > usual work account, some university accounts, a few personal accounts, > one I reserve for EBay use, etc. I also use several different SMTP > servers to send my email. I *always* have a secure tunnel set up; in > fact, Postfix on my laptop is hard-wired to send to port 20025 on > 127.0.0.1. Of course, where that ends up will vary, but it's not in a > one-to-one correspondence with the sending address I use. The Yahoo > scheme would apparently require that each email I send be routed via > the domain owner's SMTP server. So I`m guessing you have all your emails forwarded to one mail account and fetch them all from there, and when you reply or send a new email you just use one of your SMTP servers, which doesn't necessarily correspond to the incoming (POP or IMAP or whatever) server you received the mail from. Is that correct? In that case I guess it becomes problematic. If you just receive your mail from one incoming server I don't see a problem of having your mail be sent via the SMTP on same machine where your incoming mail server resides. If the signature just certified that the mail was relayed via an SMTP server where the user authenticated himself I think that would be a good idea (SMTP server that necessarily on the same machine than the incoming mail server). Than at least you would know that the email you received was send by someone who authenticated himself to some SMTP server, and not just someone that sent the email via an open relay. If you want something better it seems that it requires the sender to have possession of his private signature key and sign the emails he sends, but that's not a user-friendly solution and I think we all agree that it won't work in practice (not transparent enough...) --Anton - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: yahoo to use public key technology for anti-spam
Zefram, Z> It seems to still exist -- draft-danisch-dns-rr-smtp-03 is dated 2003-10 Z> -- though it should have been abandoned long ago in favour of similar but Z> superior proposals. draft-fecyk-dmp (formerly draft-fecyk-dsprotocol), Z> which has almost identical capabilities, is also still in active Z> development. There's also a more flexible version of the idea, which Z> I skimmed through when it was announced and now can't recall the name of. Thank you for this pointer. DMP indeed seems to be better than RMX. Carsten - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: yahoo to use public key technology for anti-spam
[EMAIL PROTECTED] wrote: >Does anybody know what has become of the low-tech, >no-cryptography-needed RMX DNS record entry proposal? It seems to still exist -- draft-danisch-dns-rr-smtp-03 is dated 2003-10 -- though it should have been abandoned long ago in favour of similar but superior proposals. draft-fecyk-dmp (formerly draft-fecyk-dsprotocol), which has almost identical capabilities, is also still in active development. There's also a more flexible version of the idea, which I skimmed through when it was announced and now can't recall the name of. -zefram - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: yahoo to use public key technology for anti-spam
Does anybody know what has become of the low-tech, no-cryptography-needed RMX DNS record entry proposal? - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: yahoo to use public key technology for anti-spam
In message <[EMAIL PROTECTED]>, Dan Geer writes: > >> So, in capsule: this proposal assumes that you use the same machine for >> outgoing and incoming e-mail. > >I'm actually experimenting with sending mail directly, >per this little hack[1], which does have separate paths >for incoming and outgoing, but does not rely on the local >hotspot/whatever. > I used to do that, but I had to give up -- too often, my laptop happened to be in someone's blacklist range. Right now, for example, it's in Comcast's IP addr space, and some people regard that as a spam source. But we're wandering off-topic. Btw -- I've been told that Yahoo has not yet disclosed technical details publicly. --Steve Bellovin, http://www.research.att.com/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: yahoo to use public key technology for anti-spam
In message <[EMAIL PROTECTED]>, bear writes: > >>But you should be sending mails via *your* SMTP server, and should be >>connecting to that SMTP server using SSL and authentication. Open relays >>encourage spam. People shouldn't be relaying mail via just any SMTP server. > >This is generally how I work it. I sit down at any hotspot and I >get network connectivity. But all the hotspot is ever going to see >of my browsing, email, and anything else I like to keep private is >SSH packets to my home machine, or encrypted X packets running >between the X server on my laptop and X clients on my home machine. > >A bit of lag is acceptable. Sending private mail via untrusted >SMTP servers is not. That isn't Carl's point. He may very well be using a trustworthy SMTP server, via a secure tunnel. The issue is whether he has to use a server owned by the owner of his return address. I use a variety of email addresses, for various reasons. I have my usual work account, some university accounts, a few personal accounts, one I reserve for EBay use, etc. I also use several different SMTP servers to send my email. I *always* have a secure tunnel set up; in fact, Postfix on my laptop is hard-wired to send to port 20025 on 127.0.0.1. Of course, where that ends up will vary, but it's not in a one-to-one correspondence with the sending address I use. The Yahoo scheme would apparently require that each email I send be routed via the domain owner's SMTP server. --Steve Bellovin, http://www.research.att.com/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: yahoo to use public key technology for anti-spam
[EMAIL PROTECTED] wrote: To avoid replay attacks one needs to sign a string that is tied to a specific message or time period I agree. Even time period and message content aren't good enough: Let's say that the outgoing SMTP mailer at example.com is trusted. Spammer gets an account at example.com, sends themselves one message, then immediately copies the signature into forged headers for their spam that is sent out through whatever open relays or compromised machines they are using. The only way that the mail can be trusted is if it is being received directly from the example.com SMTP server. If there is any relaying, there is nothing that remains true and constant to sign. But that is the situation we have today: My ISP's server can choose to refuse to accept connections from servers that are on a blacklist of open relays and spammers, and can, in theory, have a list of known good servers who authenticate their clients. If all the new header does is verify the sending mail server, that is done just as well by verifying the ip address at the time of connection. -- sidney - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: yahoo to use public key technology for anti-spam
Through the biting wind of a Cleveland Winter, I saw Anton Stiglic write: But you should be sending mails via *your* SMTP server, and should be connecting to that SMTP server using SSL and authentication. Open relays encourage spam. People shouldn't be relaying mail via just any SMTP server. Yes, that's true for home or personal use, but in a large organization, mail is likely to go through multiple SMTP servers before it reaches the server which hosts the user's mailbox. At my previous company, a piece of mail destined for a foreign address saw at least two and sometimes three SMTP servers on the way out; an inbound message from the outside saw at least three. Each of these servers will need to write to the message headers. Then there are the situations where you are at a company or university or something and they have locked down the outbound policies and it is impossible to initiate an outbound SMTP connection on port 25 or 465. In those situations, one *must* use the local SMTP server, even if it's not the ideal one. K -- In Vino Veritas ICQ: 14047557 http://userguide.mozdev.org http://kevin.astroturfgarden.com - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: yahoo to use public key technology for anti-spam
> So, in capsule: this proposal assumes that you use the same machine for > outgoing and incoming e-mail. I'm actually experimenting with sending mail directly, per this little hack[1], which does have separate paths for incoming and outgoing, but does not rely on the local hotspot/whatever. --dan [1] http://www.reitter-it-media.de/software/osxpostfix.html - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: yahoo to use public key technology for anti-spam
Carl Ellison wrote: So, in capsule: this proposal assumes that you use the same machine for outgoing and incoming e-mail. No, it implies a service that your outgoing mail server makes available that has you authenticate to it in some way and then signs your mail in some way. The article doesn't make clear exactly how it would work. The signature might just certify that the mail really was sent through the mail server that the headers claim was used. That would allow you to use any email address that you want, such as your acm.org address, and the signature certifies that you authenticated yourself with the SMTP server. My ISP recently switched to using TLS SMTP/Auth for access to their SMTP server from outside their network for their customers. It would be easy and useful for them to stamp mail that I send to show that it really was sent through their SMTP server and that they know who I am. This might not be exactly the same as what Yahoo! is talking about: They might be thinking only about mail with a yahoo.com From address being sent through a yahoo.com server and being signed with a key associated with the yahoo.com domain. But if the signature is taken to authenticate the domain of the SMTP server in the initial Received header, then it is possible to maintain lists of servers of ISPs who are trusted to authenticate users of their SMTP servers and to have anti-spam policies, and blacklists of servers that are spam sources. The From address would be irrelevant. -- sidney - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: yahoo to use public key technology for anti-spam
On Sun, 7 Dec 2003, Anton Stiglic wrote: > >- Original Message - >From: "Carl Ellison" <[EMAIL PROTECTED]> >To: "'Will Rodger'" <[EMAIL PROTECTED]>; "'Steve Bellovin'" ><[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> >Sent: Sunday, December 07, 2003 8:44 AM >Subject: RE: yahoo to use public key technology for anti-spam > > >> I, for one, hate the idea. My From address should be [EMAIL PROTECTED] That's >> my remailer where I receive all my incoming e-mail. However, my outgoing >> SMTP server depends on which cable modem provider or hot spot I happen to >be >> at the moment. It would be that SMTP machine that signs my outgoing mail, >> not acm.org who never sees my outgoing mail. > >But you should be sending mails via *your* SMTP server, and should be >connecting to that SMTP server using SSL and authentication. Open relays >encourage spam. People shouldn't be relaying mail via just any SMTP server. This is generally how I work it. I sit down at any hotspot and I get network connectivity. But all the hotspot is ever going to see of my browsing, email, and anything else I like to keep private is SSH packets to my home machine, or encrypted X packets running between the X server on my laptop and X clients on my home machine. A bit of lag is acceptable. Sending private mail via untrusted SMTP servers is not. Bear - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: yahoo to use public key technology for anti-spam
On Sun, 7 Dec 2003, Anton Stiglic wrote: > But you should be sending mails via *your* SMTP server, and should be > connecting to that SMTP server using SSL and authentication. Open relays > encourage spam. People shouldn't be relaying mail via just any SMTP server. > This is misguided, but we should not start that flame-war here. -- Viktor. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: yahoo to use public key technology for anti-spam
- Original Message - From: "Carl Ellison" <[EMAIL PROTECTED]> To: "'Will Rodger'" <[EMAIL PROTECTED]>; "'Steve Bellovin'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Sunday, December 07, 2003 8:44 AM Subject: RE: yahoo to use public key technology for anti-spam > I, for one, hate the idea. My From address should be [EMAIL PROTECTED] That's > my remailer where I receive all my incoming e-mail. However, my outgoing > SMTP server depends on which cable modem provider or hot spot I happen to be > at the moment. It would be that SMTP machine that signs my outgoing mail, > not acm.org who never sees my outgoing mail. But you should be sending mails via *your* SMTP server, and should be connecting to that SMTP server using SSL and authentication. Open relays encourage spam. People shouldn't be relaying mail via just any SMTP server. --Anton - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: yahoo to use public key technology for anti-spam
On Sat, 6 Dec 2003, Will Rodger wrote: > Steve Bellovin wrote: > >http://edition.cnn.com/2003/TECH/internet/12/05/spam.yahoo.reut/ > > > Does anyone have details? How much overhead would this entail? > To avoid replay attacks one needs to sign a string that is tied to a specific message or time period and is invariant under forwarding through various relays and gateways. The header and envelope sender and recipients are often subject to rewriting, the Message-Id can be cloned. What exactly would they have the sender domain sign. I am skeptical that such a proposal can acquire any traction. Also curious to see the details... -- Viktor. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
RE: yahoo to use public key technology for anti-spam
I, for one, hate the idea. My From address should be [EMAIL PROTECTED] That's my remailer where I receive all my incoming e-mail. However, my outgoing SMTP server depends on which cable modem provider or hot spot I happen to be at the moment. It would be that SMTP machine that signs my outgoing mail, not acm.org who never sees my outgoing mail. So, in capsule: this proposal assumes that you use the same machine for outgoing and incoming e-mail. +--+ |Carl M. Ellison [EMAIL PROTECTED] http://theworld.com/~cme | |PGP: 75C5 1814 C3E3 AAA7 3F31 47B9 73F1 7E3C 96E7 2B71 | +---Officer, arrest that man. He's whistling a copyrighted song.---+ > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Will Rodger > Sent: Saturday, December 06, 2003 7:01 PM > To: Steve Bellovin; [EMAIL PROTECTED] > Subject: Re: yahoo to use public key technology for anti-spam > > Steve Bellovin wrote: > >http://edition.cnn.com/2003/TECH/internet/12/05/spam.yahoo.reut/ > > > Does anyone have details? How much overhead would this entail? > > And how, btw, should we feel about having to sign every > message from our > very own vanity domains? > > Will Rodger > > - > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to > [EMAIL PROTECTED] > - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: yahoo to use public key technology for anti-spam
Steve Bellovin wrote: http://edition.cnn.com/2003/TECH/internet/12/05/spam.yahoo.reut/ Does anyone have details? How much overhead would this entail? And how, btw, should we feel about having to sign every message from our very own vanity domains? Will Rodger - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
