AOL Will Not Support Sender-ID 269
DominoTree writes "America Online said Thursday that it will not support the Microsoft-backed antispam technology called Sender-ID. The online giant cited 'lackluster' industry support and compatibility issues with the anti-spam technology SPF that AOL supports."
Hmm, not too fond of Redmond? (Score:5, Interesting)
What? (Score:5, Interesting)
Looks like it was a domino effect... (Score:5, Interesting)
"The online giant cited "lackluster" industry support and compatibility issues with the antispam technology SPF, or Sender Policy Framework, that AOL supports.
AOL's moves come days after the Internet Engineering Task Force standards body voted down the Sender ID proposal. The IETF said Microsoft's decision to keep secret a patent proposal for the technology was unacceptable. Open-source groups also pulled their support of Sender ID, claiming its licensing restrictions were too strict. AOL agreed with the IETF fallout and added its own reasoning.
"AOL has serious technical concerns that Sender ID appears not to be fully, backwardly-compatible with the original SPF specification--a result of recent changes to the protocol and a wholesale change from what was first envisioned in the original Sender ID plan," AOL spokesman Nicholas Graham wrote in an e-mail."
CB_===__-8a90fuds76
Re:Hmm, not too fond of Redmond? (Score:5, Interesting)
Responsible ISP (Score:2, Interesting)
Obviously the spammers, and DoSers have an ISP, and if their ISP were punished by upstream providers for allowing their network to emit this kind of crap, by blocking them until the problems are solved, maybe they'd use some initiative to solve these problems.
I do understand that most DoSers are not the fault of the user, but surely the ISP could notify the user, and force them to do something about it.
Don't use email in the office anymore (Score:4, Interesting)
Maybe it's time to simplify.
dump email all together in the corporate environment and opt instead for a more secure solution based on PKI or kerberos or any other host of security structure.
If some contact absolutely needs to receive something via email, no problem. "We will gladly send you an email, but you just can't send us one. Unless, of course, you wish to send it to an employee's private email adress; we don't accept email internally anymore."
"Sorry mr. corporate contact, you must log in to our site www.dmail.company.com and submit messages that way. We have had too many problems with spam and viruses.
there is a nice, lightweight client you can install if you don't wish to log in every time."
It seems to me it wouldn't be that difficult to use a non-email solution for your corporate mailing needs (like the aforementined dmail which i've been hearing so much about), and if another company's IT department can't handle that light technical strain, then it would seem that IT department needs a wake up call.
where are the flaws in this reasoning?
SFP will not prevent AOL from getting spam. (Score:5, Interesting)
And this doesn't prevent Spam. It prevents job jobs. If a spammer is willing to ID the domain his mail comes from and not spoof he can Spam you all he wants. Course with a legitimate domain name/IP# you can blacklist him too.
Re:Hmm, not too fond of Redmond? (Score:5, Interesting)
MSN is tied into the OS in a bunch of other places too ("You're running Outlook for the first time! Would you like to set up a free MSN account?").
Making deals with Microsoft is hard.
Re:as a sys admin (Score:4, Interesting)
It took me about a month to get myself straight after I'd been blacklisted. They also "removed" the blacklist, and said it was IP-based, but intermittent errors would pop up for weeks afterwards. joeluser@myhost could send to AOL, but janeluser@myhost could not.
BTW, google for "Jason Smathers" if you want to see how effective they've been.
Re:as a sys admin (Score:2, Interesting)
Its not always AOL as a company or as sys admins as its also the users hitting the "this is spam" button... even when its clearly not.
Re:Don't use email in the office anymore (Score:5, Interesting)
Seriously, for the most part in the corperate world, you need to take all reasonable steps to accomadate those you do bussiness with. If you make it a nightmare, people will up and dump you.
This even applies to the big guys. Friend of mine works for Rainbird sprinklers. They are by far the biggest name in irrigaton equipment and basically anywhere that does home improvement sells Rainbird.... Except for Walmart.
The reason isn't because Walmart dumped Rainbird but because Rainbird dumped Walmart. Walmart made it very difficiult for Rainbird to do bussiness with them, demanding sacraficies Rainbird didn't want to make so Rainbird finally just refused to sell to them.
Well if you are a small company, this is even more true. If Altera told Cisco they'd no longer accept e-mail for anything, I imagine all Cisco routers would start including Xylinx FCPGAs instead.
Your customer uses AOL (Score:5, Interesting)
Lots of those 'morons' are customers so people need to send mail to AOL.
Reading between the lines it's only a matter of time before AOL stops accepting mail from domains that don't publish SPF records. They already reject mail if your reverse DNS doesn't resolve. They're publishing their own too: Good for them.
Re:The Problem? (Score:3, Interesting)
So the problem with patents is that MS *is* starting to mobilize them as offensive weapons against open source in general, and the GPL specifically.
Thanks AOL (Score:2, Interesting)
I suddenly dont feel so bad for installing AIM to talk to strange women
I feel that what microsoft is looking to punish the witness for what the criminal has done with, although I may be wrong, the intention of profiting off the witness while making the victim feel they, being MS, are trying to helping them out.
Re:Patents have to be clear and public (Score:3, Interesting)
Neither Sender ID nor SPF stop forgery (Score:5, Interesting)
Check out Yahoo's inaccurate paraphrasing... (Score:5, Interesting)
What? Since when did AOL reject it just because it's owned by Microsoft?
Link to the article [yahoo.com]...
For once AOL does something the media should be praising it for, yet they're practically insulting AOL publically...
"...would not adopt Microsoft's SenderID protocol because it has failed to win over experts leery of Microsoft's business practices."
I wonder if I'm the only one getting painfully tired of the way the news media paraphrases and misrepresents peoples'/groups' positions...
Re:Better Solution (Score:5, Interesting)
The only partially useful modification is some form of authentication which would certify the origin of the SMTP connection. Just as I can telnet to a POP3 server and make it think I am a real POP3 client, an end user can make an SMTP server believe it is another server.
SPF offers a sleek way of authorizing what machines may deliver mail on behalf of a domain. I could trivialize it by comparing it to a domain owner-controlled authentication system for emails without requiring a central authentication repository or authority.
What is wrong with this implementation? Can you suggest a modification to SMTP that will acheive similar or better results? If not, then drop your argument, that stick, and step back from the dead horse.
Re:Check out Yahoo's inaccurate paraphrasing... (Score:2, Interesting)
Re:Neither Sender ID nor SPF stop forgery (Score:2, Interesting)
The main problem with GPG is a lack of (a) mail clients using the standard MIME method of sending GPG emails and (b) lack of a good trust mechanism.
Schizophrenia (Score:4, Interesting)
It's hardly surprising that some people aren't sure how to feel about AOL sometimes. On one hand, they adopt IE or kill some promising project and get hisses and boos. On the other, they occasionally support or initiate a nifty open source project, or take a position we're prone to like.
Seems to me... and I'm hugely guessing here... that there's two factions in AOL to consider. The tech people, and then marketing/legal/etc. The tech people can sometimes (not always) do some stuff that benefits people, and probably mean well in general in any case. As long as something remains under the radar of the rest of AOL's bunch, and/or results in lots of positive P.R., it lives. But if the legal department or someone panics, well... we all saw what happened to Nullsoft's gnutella implementation, initially. And AOL is kinda flip-flopping where Netscape is concerned, I think.
In this case, the tech guys over there probably pretty much had a lot of sway over the Sender-ID thing. The lawyers, marketing people, et al. have far more important things to worry about, I presume.
Re:Your customer uses AOL (Score:3, Interesting)
That's a max of 2,277 outgoing mail servers!
DomainKeys will not work. Crypto costs time and $! (Score:2, Interesting)
It won't work!
Cryptography costs time and money to use! Just look how long it takes to bring up a secured webpage (HTTPS)....
Now imagine if the entire World Wide Web was that way....
Not everybody on the internet have the fastest systems available for use. Even then, such systems would be overwhelmed by all the crypto they have to do in order to process email using the DomainKeys system.
Instead of time consuming crypto, why not use fast, simple, effective spam filtering like my approach. [cf13.com]
Joe-job fix (Score:3, Interesting)
Having finally persuaded my ISP that = (equals) is a valid character in a TXT record I was able to publish my own SPF records.
Based on a sample size of 1 I'd like to suggest that spammers don't joe-job domains with restrictive SPF records. That makes sense. We already know spammers know about (and use) SPF records. It make sense for them not to use a domain that will be blocked by any SPF aware mail recipient.
The fantastic news for me is that instead of 8,000+ bounces from joe-jobs flooding my mail server each day (imagine how many more emails are delivered or blocked by spam filters), since publishing my SPF records that has completely stopped.
Why am I such a target? I notice that the more often I report to SpamCop the more often I am targetted, but the heavy waves seem to have coincided with increased awareness of an anti-spam SMTP filter I wrote. I guess my work got noticed. Just a guess though.
Re:Don't use email in the office anymore (Score:2, Interesting)
1. One major problem is that I want all my outgoing e-mail in ONE place (i.e. app). Whatever that is, it has to be easy to search, so I can find out who I told what. If the people I e-mail have got a different system to me, it makes it 100 times (or however many different organisations I contact) harder to sort out.
2. What you're essentially proposing is a change to the messaging infrastructure, which is probably a big reason for AOLs rejection.
3. It would restrict communication to some degree (make it harder), and better communication = more trade.
4. I don't want to have to run 15 different lightweight clients and remember how to use all of their interfaces individually etc!
However, to develop your idea, you _could_ feasibly do something similar, but instead of requiring an entirely new interface, you could require your contact to digitally sign all future correspondence. This does at least fit into existing systems, while still allowing accurate filtering.
Re:ah, props to AOL for once! (Score:5, Interesting)
One I've noticed recently - I've hardly seen an obvious FrontPage site in months. Either people who started building websites which look less "frontpage like" or it's not being used as much.
Is there anyway to calculate the level of Frontpage usage?
Re:ah, props to AOL for once! (Score:1, Interesting)
Re:ah, props to AOL for once! (Score:3, Interesting)
Not necessarily related, but the last version of FP is a lot better than the previous ones - I guess the MS Frontpage team got tired of being the laughing stock of the web dev community...
Re:What? (Score:3, Interesting)
Probably since I employ it (ASK, http://www.paganini.net/ask/ [paganini.net]) behind some bayesian filters (ASSP, http://assp.sourceforge.net/ [sourceforge.net]). Considering that my domain receives thousands of UCE/UBE each day, I have no choice but to take militant actions.
ASSP automatically whitelists everyone I mail to, and sets the TTL to 90 days. So any reply is going to be automatically accepted by ASSP.
ASK on the other hand is set that if my "key" (in this case, my PGP Key ID) appears anywhere in a message to me, it blindly accepts it.
Considering that my PGP key appears in every one of my messages, as part of my signature, this isn't usually a problem.
The problem lies in the fact that certain CRM applications like Kana, etc., insist on changing the from-line for each message they send out, and don't include the original message in the reply. How the hell am I supposed to know which address to whitelist when it comes from something like: ?
I consider THAT to be a broken CRM.
Simply closing a ticket without working on it shows poor customer service on your part, and you're not helping your company much by doing so.
How many potential customers have been told by your customers that your company/ service sucks because tech support or customer service was unresponsive?