Yahoo Submits DomainKeys Draft To IETF

NetWizard writes "According to a mailing list post at the IETF, Yahoo's website and a Wired News story, Yahoo has made the DomainKeys draft public and submitted to the IETF." Russ Nelson explains "Basically, your MTA uses RSA-SHA1 to sign the headers and body of your email and inserts that signature before sending the email. The recipient MTA looks up $selector._domainkey.$domain in the DNS, gets your public key, verifies it, and inserts a notice. There's also a SourceForge project for a DomainKeys library." An anonymous reader asks "It seems to me that it doesn't offer anything more than the Sender Policy Framework by pobox.com, other than doing relay-based signing of the messages to provide the sender verification. SPF has already grown to over 14,000 domains so far and only requires an addition to your DNS to support (from the sending side). Verifying messages on the receiving MTA is as simple as doing a DNS lookup, most MTAs can support SPF now, the code is available and well tested. What advantages to people see in Domainkeys over SPF that are actually useful, and what standard should people implement?"

SPF breaks Forwarding

[Anonymous Coward]

I'm the SysAdmin of an ISP. We had to turn off SPF after some users couldn't send e-mail to people that used mail forwarders. For instance, if someone has a domain 'foo.com' that sends all mail sent to it to 'foo@verizon.net', and foo.com resides outside of verizon.net, my users wouldn't be able to send him mail if Verizon uses SPF.

SPF is junk. The number one priority of e-mail: Legit mail must reach the recipient.

Re:Patent Licensing

[Anonymous Coward]

It's probably better:

Yahoo! will grant a royalty-free, worldwide, non-exclusive license under any Yahoo! patent claims that are essential to implement or use any Implementations so that licensees can make, use, sell, offer for sale, import, or yodel Implementations; provided that the licensee agrees not to assert against Yahoo!, or any other Yahoo! licensees of Implementations, any patent claims of licensee that are essential to implement or use any Implementations.

Microsoft's implementation requires you to sign away your right to sue them for any patent claim and doesn't allow you to sublicense the technology (ie: GPL/LGPL/BSD-incompatible). This one is less agressive.

SPF breaks relaying

[Mr. Slippery]

other than doing relay-based signing of the messages to provide the sender verification.

SPF's handling of relays is broken: [pobox.com]

But that breaks forwarding!

Yes, it does. You'll have to switch from forwarding, where the envelope sender is preserved, to remailing, where the envelope sender is changed. But don't worry, we're working on providing SRS patches for the four major opensource MTAs, so that when you upgrade to an SPF-aware version, this problem will be solved also.

If DomainKeys takes care of that, I'd choose it over SPF in a heartbeat.

Re:One advantage DomainKeys has over SPF...

[denis-The-menace]

Yes it breaks forwarding but they have ways to make it seamless for users by using a
Sender Rewriting Scheme [pobox.com]

Re:To understand...

[Anonymous Coward]

We're using the DomainKeys library for some weeks now with qmail on a Solaris 9 box. It seems to work quite well though of course it hogs a little bit of CPU power. It's worth it though!

Re:SPF breaks Forwarding

[Mz6]

Info from the SPF site on forwarding...

"Forwarding services and web-generated email sites need to deploy SRS. Pobox.com, for instance, has already integrated SRS into its bespoke MTA using Mail::SRS.

Hobbyists who provide .forward or /etc/aliases services will also have to get an SRS-enabled MTA.

Sites that do not do .forward or /etc/aliases forwarding to remote sites will not need to do a thing.

Once a majority of forwarding setups are SRS-compliant, SPF publishers can change their defaults from "neutral" or "softfail" to "fail". "

Seems like for fowarding to work.. one method has to become a standard.. And we need to do it right this time. The above text says that everyone would have to install their software to get forwarding to work.

That's "boycott-email-caller-id.org"

[Anonymous Coward]

The post above has the wrong URL. The site that describes the patent issues with caller id for email is actually boycott-email-caller-id.org [boycott-em...ler-id.org].

It has a brief mention of domainkeys as well.

Re:To understand...

[tanguyr]

Not only that, but SPF also seems more flexible. Domainkeys seems limited to making sure that the from header was not forged and that the SMTP machine used is on that domain's approved sender's list. Don't forget that SPF allows you to say "any machine may send mail from my domain as long as the mail is digitally signed" - or "any machine with an MX record in my domain may send mail for that domain" (which you could update withoput having to regenerate keys, etc)

In short - SPF looks like the more elegant solution.

SPF and DK solve different problems

[CustomDesigned]

SPF validates the envelope from, and can be checked before the DATA phase of SMTP. Domain Keys validates the rfc822 headers, and can't be checked until after SMTP DATA.

You want to implement both. SPF detects envelope forgeries before you have wasted much bandwidth. You can then use right hand side blacklists on sender domains. Yes, spammers too are adopting SPF. This is OK - those who like spam have something other than instinct to warn them when they are dealing with a scammer instead of a spammer. Those who hate spam can ignore it more efficiently.

Domain Keys validates the message headers. It protects you against forgeries by users in the same domain - e.g. a spammer on yahoo forging an innocent party on yahoo. SPF can also detect envelope sender forgeries from the same domain in conjuction with SES (Signed Envelope Sender) - which adds a crypto cookie to the local part.

You should implement SPF first. It is simpler, and eliminates most forgeries before SMTP DATA. SPF requires sepcial consideration for forwarders (SRS [pobox.com] - Sender Rewriting Scheme) or whitelisting.

DK is a good addon for large ISP domains like yahoo and aol, but is broken by forwarders or mail processing tools that modify the body. For instance, my DSPAM [nuclearelephant.com] bayesian filter adds "tags" to messages.

Why domainkeys is better than SPF

[duncanthrax]

1. Domainkeys does not break forwarding.
2. Domainkeys can be used either on the MUA or the MTA, for both sender and recipient sides. This makes it possible to still use 3rd party relays.
3. Domainkeys spoof-protects the domain in the "From:" header field, which is what Joe Sixpack sees in his MUA application.

Domainkeys does have the problem that you can't add headers to messages without re-signing them. If you re-sign them you must also rewrite the "From:" header. This will affect mailinglists.

Domainkeys will not ultimatively solve the spam problem, but it is better than the broken SPF.

Re:SPF breaks Forwarding

[Daniel Boisvert]

You've gotta be kidding me. SPF requires SRS [pobox.com] for folks who use forwarding services. This is all over the website. It's also pretty clear from what I've seen that *all* the good solutions to the forged email problem will break forwarding as we do it today. That's just the way it goes. We can't afford to be as trusting today as we could when email was invented. It sucks, but it's reality.

Yes, folks need to implement things properly. That's largely why SPF has different fail modes, so you can slowly phase it in. As it gains more momentum, the folks who run mail servers will have to play along in order to have their systems reap the rewards of non-spoofed email. Welcome to the wonderful wide world of cooperation. There's this thing called the internet that works largely because of this. Perhaps you've heard of it?

Re:To understand...

[Russ Nelson]

DomainKeys signs the entire message, not just the From: header. DomainKeys lets anybody send regardless of IP address as long as they have a private key whose public key is published under that domain. A domain may have multiple keys, and generating a new key takes but a second.

The trouble with SPF is that it's based on IP addresses, and forwarding completely breaks SPF. That's why they need SRS in order to be able to forward at all.

Sure, they'll take your mail...

[Otto]

It won't be good enough for me to buy a T1 and run my mail server from there, I'll have to rely on Yahoo, MSN, AOL, Comcast and a few others to be my MTA because people won't accept mail from a small provider (or a single point system) any more.

Sure they will. With SPF, for example, you setup the SPF rule for your domain to allow that domain to be a sender of mail for the domain.

You will need to have your own domain, I admit.

Re:Possible method to defeat.

[-brazil-]

Could someone perhaps keep bouncing messages off the MTA and using the signed messages from that to try to decrypt the cipher and such?

A really good cipher is resistant even against such a "chosen plaintext attack"; furthermore, it's trivial to defeat such attacks completely by inserting a meaningless random element.

If a system is compromised (i/e: with a virus/worm) couldn't the technology be defeated via that as well?

Not nearly as easily as now, since it requires cooperation from the DNS server.

Re:Possible method to defeat.

[ArbitraryConstant]

Good points, but:

a) If your keys are stolen you can just update your DNS info with new keys, it'll only take a few days to propagate, and DNS security is reasonable to strong.

b) If a particular ISP is misbehaving, you can blacklist them, or filter them more agressively by other means. Once you know for sure who everyone is, blacklisting becomes much easier and much less damaging.

c) Cryptographic signing is well understood, large key sizes are practical, hardware acceleration is cheap, and signing/verifying a message is easier than running spamassasin on it.

d) DNS based authentication is the one thing I've heard that I can't reply to with this [sytes.net].

Re:SPF and DK solve different problems

[Malc]

Correct me if I'm missunderstanding SMTP (or just making things up), but once a message enters the DATA phase, isn't an MTA supposed to accept it? Aren't rejects during or after DATA supposed to be handled by bouncing rather than returning a failure error code to the sender? Which is the good thing about doing rejects before DATA as that forces the sender to deal with the problem.

Somebody please correct me if I'm wrong ;)

Re:To understand...

[blowdart]

You can add the "roaming" SMTP server to the allowed MX servers for a domain, I had to do it because my mobile phone provider forced me to use their SMTP box

SPF does not break forwarding

[CustomDesigned]

I am dismayed at how often this misunderstanding has been repeated here.

• If the receiver does not check SPF, then no mail is rejected and forwarding is not broken.
• If the receiver does check SPF, but doesn't use any forwarders, then forwarding is not broken.
• If the receiver does check SPF, but uses only forwarders that implement SRS [pobox.com], then forwarding is not broken.
• If the receiver does check SPF and uses a non-SRS forwarder, but uses a whitelist to avoid rejecting mail from that forwarder, then forwarding is not broken.
• If the receiver check SPF and uses a non-SRS forwarder, but configures their MTA to reject mail from that forwarder, then their incompetence will result in rejected mail. How is this the fault of SPF?

Re:To understand...

[blowdart]

OK, so use SMTP Auth and make your sales people use your company SMTP server. Even better bind it with SSL so it's all encrypted.

My phone provider was firewalling the SMTP port, now I am actually connecting to the ODMR port (not blocked) on my own server, authenicating using S/SMTP and sending to people on my mail server, and to others. SPF works in this situation.

Re:commments on boycott-email-caller-id.org/

[warrax_666]

Doesn't look to "encumbered" to me. Its free for anybody to use, even in GPL code, as long as you pass along the license agreement.

That last bit is not allowed by the GPL. It does not allow further restrictions on the distribution of the software which is under the GPL.

Re:One advantage DomainKeys has over SPF...

[Just Some Guy]

I feel for you, really, but look at it from another angle. You probably already have one email address: the one your ISP gave you. For all intents and purposes, that's your canonical identity when you're on the Internet. Now, if you want me to send email to your Yahoo! address instead of your ISP account, then give me that address and set a Reply-To: header in your email client to point to it. However, understand that as a mailserver administrator, I'm not terribly interested that you don't want to provide your "real" identifying information to my server or my customers. If you want to contact me or my users, then I want to know your "real" name.

In the real world, people are known by a certain name. They may ask people to call them by another name, but certain legal entities (banks, loan companies, etc.) will insist on having access to that person's official identity. This is vaguely similar to what SPF proposes.

Re:SPF and DK solve different problems

[AnotherBlackHat]

Correct me if I'm missunderstanding SMTP (or just making things up), but once a message enters the DATA phase, isn't an MTA supposed to accept it?

Consider yourself corrected.

RFC 2821 in section 4.2.5 Reply Codes After DATA and the Subsequent <CRLF>.<CRLF>
makes it clear that if an error code is returned after the final '.' then the receiver is specifically not supposed to handle the message, and any bounces are therefore the responibility of the sender.

-- this is not a .sig

Solveable problem

[mccrew]

True, but that's a solveable problem [pobox.com].

Re:One advantage DomainKeys has over SPF...

[ajs]

The first link seems to have been dropped. Probably a typo on my part.

It is:

http://homepages.tesco.net/~J.deBoynePollard/FGA/s mtp-spf-is-harmful.html [tesco.net]

I disagree with the conclusions, but the basic refutation of SPF and SRS seems to be quite sound.

Re:To understand...

[nolife]

Comcast does. I have to use my comcast username and password to send mail via their SMTP server from outside their IP space, I do not remember if auth is required within their ip space or not.

Re:To understand...

[pyros]

Residential ISPs should have their servers configured to require authentication when you're not on their network. And you should too. Otherwise you're an open relay. Well, if you just don't allow people to use your server when not on your network that works too, but that can be irritating for telecommuters whithout a tru VPN. I was at a place where everone was a telecommuter. We did actually have a small office, but none of the corporate servers were there, it was all in a remote data center. I had the SMTP server behind the firewall, setup SMTP auth to require a secure connection (either TLS on port 25 or SMTPS on port 465). If you weren't on an internal IP (which could be achieved by setting up and ssh tunnel) then you had to auth to send. It's a very low hassle solution to allowing roaming users to use the server securely without opening the door to spammers.

Re:Possible method to defeat.

[Minna Kirai]

furthermore, it's trivial to defeat such attacks completely by inserting a meaningless random element.

No. If your cipher is good, then you don't need to add random junk to prevent known plaintext analysis- and if it's bad, then the random element won't protect you.

(All the random effect can do is shift the position of the known plaintext within the encrypted message. This will at most increase the effort to brute-force by a factor of message length, so you can do better by choosing a superior cipher. If the randomness does something more, then it has become effectively an extension to the cipher algorithm)

Not nearly as easily as now, since it requires cooperation from the DNS server.

No, that has no effect. If my worm roots your box, then the DNS server will claim that the new emails being sent have the same source as the old ones.

Re:Domain Keys suffers from Replay Attack

[Anonymous Coward]

Duplicate messages are trivially blocked, and in fact many MTAs already block messages with duplicate Message-id's.

Re:One advantage DomainKeys has over SPF...

[Just Some Guy]

Where did I ever imply that I was making arbitrary rules? My clients ask me to reduce the amount of spam that they receive. I give them a list of policies, and the pros and cons of each. They pick the ones that they're comfortable with, and I implement them. In some cases, the clients are paying customers with machines in far-off states. In other cases, the clients are my family. Either way, I'm not single-handedly chosing policy.

I am, however, responsible for implementing that policy as best as I can. Right now, that involves a few blackhole lists, ClamAV, and SpamAssassin. Now I want to test SPF to see if it can help without causing too many false positives. The unfortunate reality is that huge operating expenses have caused most of my clients to decide that they can't afford to blindly accept email from just anywhere, and they're certainly not the only companies that have begun feeling this way.

The good news is that SPF and other technologies show promise of letting us little guys continue to run our mailservers. If some people had their way, the solution to spam would be to reject all email that doesn't originate from large businesses. Even if SPF inconveniences a few people, I still think it's a workable solution that does far more good than harm.

Re:Domain Keys suffers from Replay Attack

[rthille]

That attack could work, since I'm pretty sure Domain Keys doesn't sign the envelope.
Yahoo could immediately disable that account, but the spammer could continue to resend the same message. The 'To:' header would likely show only a no longer valid email address for the spammer. The 'From:' would of course be an ex-valid Yahoo account, probably created with bogus info.
But given that the messages would have to be completely identical, solutions like DCC (http://www.rhyolite.com/) would help.