Yahoo 'Domain Keys'
E-mail authentication without a King Maker?
(old news - 03:02PM Friday Dec 12 2003) tags: security · spam
Tipped by justin

Yahoo this week announced they're working on open-source software that uses public key cryptography to digitally sign e-mail and verify its origins. Dubbed "DomainKeys", the project is getting some air-time (Security Pipeline, Reuters, New Scientist). The launch date is vague, sometime in 2004, and the software will be compatible with Sendmail, qmail and postfix.

E-mail passing through blessed servers will be tagged with a cryptographic signature as it passes through the mail server. E-mail clients or en-route mail servers can then check the signature in the e-mail's header against a public key shared via DNS zonefiles to confirm authenticity, presumably dropping the message if something is wrong.

Brad Garlinghouse, VP of communication products at Yahoo, says the project is part of a larger push. He argues that once "we actually have credibility and confidence that the E-mail that said it came from Yahoo.com actually did come from Yahoo.com, we then can use other intelligence and filters ... so that an individual user can, with confidence and effectiveness, determine what actually ends up in his or her in-box." "What we're proposing here is to re-engineer the way the internet works with regard to the authentication of e-mail," said Garlinghouse to Reuters.

"So What?" came the response from technology websites and bloggers in unison for much of the week. Cryptonomicon.com wonders if there's more meat to the idea hidden somewhere in the wings: "By itself, this will do nothing to authenticate users or cut down on spam. It will simply increase the average entropy of messages being transmitted across the Internet."

I'm not sure about the criticism that this initiative will do "nothing" to reduce spam: once you have a system for tagging messages and checking authenticity upon receipt, the next step (blessed lists of domains allowed to send one email) becomes possible. The worldwide email system slowly morphs to become like a huge VPN, with checkpoints to get on. Even though hijacked PCs could still be used to inject spam ostensibly under the identity of the hijacked user, such a standard would force ALL such spam to be directed into the network this way. Moreover, the spammers would have to use on-ramps from blessed servers from big domain names, rather than "somebody's hacked server in china". Isolating spam in this way, if such a key system were widely adopted, would encourage providers to do more to shut out compromised subscribers' PCs.

Google's Shuman Ghosemajumder wonders why, if the idea is to create momentum for an identity verification standard, Yahoo seems to be traveling the road alone up to this point. Yahoo programmer Jeremy Zawodny (though not working on the DomainKeys project) agrees, noting via his blog that "it seems a lot more like another lone cowboy going after the bandits."

Yahoo themselves used the King-Maker remark in the title of this news story, in a clear reference to possible future initiatives by a certain large company to lay down possibly more tightly held infrastructure based around passport (word © 2003 microsoft), that could one day lead to everyone paying a penny to an MS authentication network if they wish to send a message. By making this thing open-source from the start, Yahoo escapes criticism that they may be trying to own it all. But without Yahoo's recently announced anti-spam partners AOL and MSN (see April press release) along for the ride, does the authentication system stand a chance? I think they deserve to be heard out.

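The sign-at-the-server, verify-against-a-DNS-published-key flow the story describes, as an added example that is not Yahoo's code or part of the original story. Yahoo had not published details, so the header name, the dictionary standing in for DNS, the yahoo.example domain and the pass/fail/none results are assumptions, and unpadded RSA over fixed demo primes stands in for a real signature library.

```python
import hashlib
from email.utils import parseaddr

# Constructed, insecure demo key: both primes are well-known Mersenne primes,
# so anyone can factor N. A real server uses a random key and padded RSA.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, never leaves the server

SIG_HEADER = "X-Demo-Domain-Signature"  # hypothetical header name (assumption)

# Stand-in for DNS: sending domain -> public key (n, e) from its zone file.
DNS_KEYS = {"yahoo.example": (N, E)}


def sender_address(headers):
    """Bare address from the From: header, lower-cased."""
    return parseaddr(headers.get("From", ""))[1].lower()


def digest(headers, body):
    """SHA-256 over the claimed sender and the body, with line endings
    normalised so a relay rewriting CRLF/LF does not break the signature."""
    text = body.replace("\r\n", "\n").rstrip("\n") + "\n"
    canon = sender_address(headers) + "\n" + text
    return int.from_bytes(hashlib.sha256(canon.encode("utf-8")).digest(), "big")


def sign_outbound(headers, body, d=D, n=N):
    """Run by the sending domain's mail server as the message passes through."""
    signed = dict(headers)
    signed[SIG_HEADER] = format(pow(digest(headers, body), d, n), "x")
    return signed


def verify_inbound(headers, body, dns=DNS_KEYS):
    """Run by the receiving server or client. Returns 'pass', 'fail' or 'none'."""
    domain = sender_address(headers).rpartition("@")[2]
    key = dns.get(domain)
    if key is None:
        return "none"    # domain publishes no key: cannot be judged either way
    n, e = key
    try:
        sig = int(headers.get(SIG_HEADER, ""), 16)
    except ValueError:
        return "fail"    # domain signs its mail, but this one has no usable tag
    if not 0 <= sig < n:
        return "fail"
    return "pass" if pow(sig, e, n) == digest(headers, body) else "fail"


def demo():
    """Constructed sample messages covering each outcome."""
    hdr = {"From": "Alice <alice@yahoo.example>", "Subject": "lunch"}
    body = "Noon at the usual place?\n"
    signed = sign_outbound(hdr, body)
    # A forger can sign with a key of their own, but not with the private
    # half of the key that yahoo.example published.
    fp, fq = 2**107 - 1, 2**127 - 1
    forged = sign_outbound(hdr, body, pow(E, -1, (fp - 1) * (fq - 1)), fp * fq)
    return {
        "signed": verify_inbound(signed, body),
        "crlf_relay": verify_inbound(signed, body.replace("\n", "\r\n")),
        "body_altered": verify_inbound(signed, body + "Wire $500 first.\n"),
        "unsigned_forgery": verify_inbound(hdr, body),
        "wrong_key_forgery": verify_inbound(forged, body),
        "no_published_key": verify_inbound({"From": "bob@smallisp.example"}, body),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:18} {result}")
```

A "pass" only says the message went through a server holding the domain's private key; spam injected through that server from a hijacked subscriber PC is signed like any other mail, which is the caveat the story raises.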
 NoFatChicks No, I'M The Exon And You're The Intron
join:2002-06-15 Blountsville, AL edit: December 12th, @01:50PM
| First! Just like with other schemes to stop malicious/fake emails, two things will happen 1. You will block valid emails and 2. The hackers will get around it. | |
|  |  Talis
join:2001-06-21 Houston, TX | Re: First! So your solution is to what - just quit trying? What's your point? | |
|  |  |  NoFatChicks No, I'M The Exon And You're The Intron
join:2002-06-15 Blountsville, AL
| Re: First! Adding complex schemes like this does nothing to get at the root of the problem. This is like putting locks on your door, but then not having laws or a police force (or not much of one) to stop the criminals outside. Guess what happens in a situation like I just described? That's right, the criminals find a way to force themselves in.
The root of advertising spam, for the most part, is the desire to make money and thus the ONLY thing that will stop it is to make it INCREASE the risk and DECREASE the benefit of the activity. The purveyors MUST be pursued and prosecuted, the government MUST provide a framework for reporting spammers, the companies that use unsolicited emails MUST be fined, the ISPs MUST go after those sending spam, and foreign countries (i.e. South Korea, China, etc.) MUST go after spammers in their regions.
Do you see my point? Until the root of the problem is seriously addressed (and not just some show cases like in Virginia recently), then what is the point of adding extra locks? | |
|  |  |  |  jconnell
join:2002-06-04 Newark, DE | Re: First! Never going to happen. So the problem needs to be approached a different way. What will work? No one knows. But you will never get foreign governments to police their ISPs (which is where most spam comes from) in anything close to that fashion. | |
|  |  |  |  rjparker9 Premium join:2003-08-04 Lutz, FL
| Fat chicks has a point. Some other good points also exist in this forum. And yes, as 1 user put this is the most informative news group to date ( you are not missing anything, why do you think it's so hard to get people to post.. no one ever posts anything interesting.. so many BBs die). Anyway, one other person pointed out, doing things the old fashioned way, does prevent spammers. For one thing, you have to pay bulk mail rates (.15 cents or something) but it adds up. Spammers can make money because it's free to send an email. A million or just 1, doesn't cost them a dime. So putting locks on the doors isn't merely a protection, but neighborhood watch goes a long way as long as EVERYONE participates. That's the key. Big businesses have to push this through, smaller companies do indeed have a say with open source.. but that's a community of people all trying to achieve the same goal. How hard would it be to bring Linux users to use a unix version of Outlook... Yeah, that would go over like a fart in church. So we all use email, but trying to get all the ISPs to agree on a central email..hahaha.. I can't stop laughing. 2 things need to happen to stop spammers, make it unprofitable.. not by boycotting their products (there are too many stupid people out there.. even people that know.. not to open certain links still do it.. because something looks "tempting". That's how spammers are continually successful.). Make them pay for email.. like long distance service.. you go over a certain number you pay per minute or per email in this case. And 2, many people won't understand this, but yes, we need to blockade ISP's worldwide that don't do something about spammers. ISPs are afraid of telling their people to cease and desist.. or else, that's instant closure of accounts, but if the ISP's unify, with the backing of the people like this forum that are tired of spam, the extra 10 bucks or whatever a month to get a license to return our email back to normalcy, I am for it. 
I would be willing to give my ISP an extra 20 bucks a month myself.. for premium mail.. guaranteed no spam.. not filtered, only unsolicited email. If people send a link in a page.. they would have to get prior approval from that user.. to send from that point forward. If the mail is returned to unsubscribe, the ISP is made aware of the cancellation, and if another email comes back, that spammer is fined, or they are banned from sending emails.. to any other ISP supported email service for a week or a day. If I send an email at work, and it's inappropriate, I get called into the office by my boss, and he spanks my pee pee. The next time we have this conversation, it will be on the way out the door for good. That's a controlled environment. Spammers need to be treated the same way. Sternly and swiftly. But we can only do it, if we get the help of the ISP's and people to stop encouraging these people. I like the advertisements to some degree.. but only when it's not in my face. I am sure we all surf pages.. Those "popup" bulletin boards.. are annoying, but they are the sponsors for that page.. so I don't mind them.. until they start coming to my inbox at 50-100 a day.. now you are pissing me off. I didn't ask for it.. and I appreciate it if you would just stop. Snail mail is federal controlled.. it's mail fraud to send things to someone they said to stop. Or you go to prison. Email.. should have some similar circumstance, but fine the spammer, and spread the proceeds among those affected.. spam would be zero in a week, if they had their money in an escrow account like pay pal.. and pay pal could freeze their assets upon a grievance, and divvy up the profits among those people they violated. Anyway, all of you have some really great ideas, but I just believe this won't go anywhere, until ISP and People get together.. to stop this madness. I cringe to open my email.. at one point it was fun to open email.. jokes, cartoons, now.. 
I avoid it for weeks sometimes, because i am so sick of filtering over and over and over and over.. I want my fun back, and I know you do too. | |
|   koitsu Premium join:2002-07-16 Mountain View, CA
| STARTTLS anyone? Isn't this exactly what STARTTLS is for, re: certificate-based authentication using standard OpenSSL certificates and CAs? It sure isn't DNS-based (and I'm thankful for that; using DNS for this isn't a good idea, IMHO) either...
About 7-8 months ago, I posted something about STARTTLS in reference to a spam-oriented news post here on the forums. Some company was yapping and blabbing about a certificate-based method and calling it "revolutionary technology." STARTTLS had been around for a good 11-12 months prior to that.
Anyways, I congratulate Yahoo! in trying to do something about spam, but I must side with the bloggers -- so what? This isn't going to accomplish anything other than provide Yahoo! a way to make money off of something Verisign-style (re: signed CA/certs). It sounds to me like Yahoo! is slowly going down the same road as all the rest-of the "dot-com" ventures -- questionable motives. Sad too, since Yahoo! has been around since 1996 or so.
I think a much more effective method -- albeit not as immediately effective -- is something like this. Maybe it'll make adolescent DDoS-spammer kids change their minds and become real members of the working-class society. Get real jobs and contribute to the economy, you bastards... -- Making life hard for others since 1977. | |
|  |   justin Australian join:1999-05-28 Brooklyn, NY | Re: STARTTLS anyone? with huge volumes of mail pouring into yahoo each from a different IP, and claiming to be from a certain server, don't you need the existing scaled DNS infrastructure to cope with efficient local lookups and propagation of changes? | |
|  |  |   koitsu Premium join:2002-07-16 Mountain View, CA
| Re: STARTTLS anyone? Depends on how it's done. I was considering it TXT record per zone which contained a MD5 or Base64 version of a public key.
After thinking about it for awhile, I really don't see what this is going to do for people. I mean, we already have certificates available to sendmail and qmail via STARTTLS; why do we need one per zone?
It's possible I'm misunderstanding how Yahoo! wants to implement it, but of course the details are still kinda sketchy at this point. -- Making life hard for others since 1977. | |
|  |  |   nixen Rockin' the Boxen Premium join:2002-10-04 Alexandria, VA
·Cox HSI
·Speakeasy
| said by justin : with huge volumes of mail pouring into yahoo each from a different IP, and claiming to be from a certain server, don't you need the existing scaled DNS infrastructure to cope with efficient local lookups and propagation of changes?
It would probably be possible to use the same key-propagation mechanism used in "standard" DNS signed zones. Of course, the only thing I've ever done even remotely close to that is setting up signature keyed remote zone updates. And, even if I did bother to secure my zone, unless the holders of .com were to set up a trust relationship with me, my zone would only be locally secure. Given who holds .Com, I'm guessing the only way that's going to happen is if I buy SSL certificates for my DNS servers from Verisign (which sorta smacks of conflict of interest?).
And that's the real problem with this whole scheme: SSL certificates don't come cheap and only come through a few, select places. So, to fully secure email or to fully secure DNS, etc., someone like Verisign (ECH!) would be in a good position to make an awful lot more money than they already do just for secured web sites.
Unless GPG-style keyring servers were used, it's going to suck for small mail/DNS operators. It overall seems to be a way to eliminate use of personal mail servers and DNS servers, thus guaranteeing that every aspect of the Internet would become commercialized.
Is it necessarily a bad thing to be forced to rely on professional DNS and email services? It kind of depends on how good of a job you think they are or would likely do. I run my own DNS and SMTP servers because I have yet to find a provider that meets my needs for speed, flexibility and freedom from hassles like SPAM. My fear is, given a Yahoo scenario, I'd have to pay somebody to relay my emails.
-tom -- "There are 10 types of people in the world... those who understand binary and those who don't." "That's only 2 types of people, moron" | |
|  |  |  |   koitsu Premium join:2002-07-16 Mountain View, CA
| Re: STARTTLS anyone? This is one of the most educational and thumbs-up-worthy posts I've seen on BBR in awhile (maybe I'm just not looking in the right places).
Incredibly useful, FO.
And likewise, I'm in the exact same boat you are. I too have the same qualms with coughing up large sums of money for SSL certs -- which would most definitely apply to Yahoo!'s new idea, albeit for a different technology -- and likewise have no desire to pay big bucks for CA-signed certs. I guess it depends on how much it costs.
Although nothing is going to stop a spammer from paying for a CA-signed cert. Even if it was US$1000, they'd pay it to continue to spam. You know how it goes... so really, what is Yahoo!s idea going to truly get us? -- Making life hard for others since 1977. | |
|  GameCube Boy
join:2003-12-12 10321 | Bravo Yahoo! When spammers themselves were asked what would stifle their work their answer was "authentication."
Bravo Yahoo! | |
|  |   Jim Gurd Sorry Roger, you tiger now. Premium join:2000-07-08 Plymouth, MI
·Comcast
| Re: Bravo Yahoo! said by GameCube Boy : When spammers themselves were asked what would stifle their work their answer was "authentication."
Bravo Yahoo!
I agree. Authentication is the only way to make a real dent in the spam problem. If you eliminate address spoofing then you force spammers into the open and they are easier to stop. Any message which can't be properly authenticated would be black-holed.
The hardest part of this will be getting a critical mass of ISP's to implement the system. | |
|   desdog
@cox.net | It will take a company of yahoo's size....
to make this work correctly. Small companies don't have the push to integrate an authentication system, yahoo has the best chance so far. | |
|  |  GameCube Boy
join:2003-12-12 10321
| Re: It will take a company of yahoo's size.... said by desdog: to make this work correctly. Small companies don't have the push to integrate an authentication system, yahoo has the best chance so far.
I think the push should and will be from every legitimate business. It's not just where the email originates but who receives it. Say a mom and pop shop is a host, why wouldn't they want authentication from other ISP's in order to ensure that the emails their small customer base is receiving are authenticated. | |
|  |  |   desdog
@cox.net
| Re: It will take a company of yahoo's size....
That's not my point, everyone should adopt this technology. I just was making a statement that for the technology to get off the cutting room floor, there needs to be a big backer to do so. If yahoo wants to attempt to initiate a new standard they actually have the ability to do so.
If I were trying to push a new technology I thought should be a standard it wouldn't go anywhere. | |
|  |  |  |  |  |  |  |  |  |  |   nixen Rockin' the Boxen Premium join:2002-10-04 Alexandria, VA
·Cox HSI
·Speakeasy
| said by GameCube Boy : said by desdog: to make this work correctly. Small companies don't have the push to integrate an authentication system, yahoo has the best chance so far.
I think the push should and will be from every legitimate business. It's not just where the email originates but who receives it. Say a mom and pop shop is a host, why wouldn't they want authentication from other ISP's in order to ensure that the emails their small customer base is receiving are authenticated.
Such a system would probably have to rely on third-party signed keys to work (otherwise, how do you know you can trust the "authenticated" emails?). Have you ever priced third-party signed keys for servers? They ain't cheap, for the most part (and you can expect that the ones that are will somehow end up not being sufficient to participate). They especially aren't cheap when you have to buy one per entity (this could be a zone, or hopefully just per zone server). This certainly sets up a couple groups to make a bucket-load of new money: the third-party trusted signers (e.g., Verisign) and companies that would provide such trusted DNS zones (because a significant number of current DNS zone owners are not going to be able to afford to run their own after implementation of this). The third-party signers will get their new money from all the new keys they'd be selling. The DNS services would get their money from: A) hosting the DNS zones of people who can't afford their own keys; and B) fees associated with any and all updates.
So, now you're a small entity and you've become tired of your ISP (because of price, service, etc.). You want to move to a new ISP. You have to contact your DNS provider (assuming it wasn't your old ISP) and send a list of updates. "Sure thing, that will be $X per A/CNAME/PTR" change. Whereas, right now, if the small entity is half-clued, they can run their own DNS servers. When they go to change ISPs, they just send a registry update for their DNS servers to the InterNIC database. Blammo: one IP or a million IPs, the externalized administrative workload and expenses are the same: essentially zero.
Personally, before I'd get on board with Yahoo's scheme, I'd be checking to see what their investments in current PKI and DNS infrastructures are. They could be looking to make a LOT of money with this "open" standard.
Remember, when companies start talking about "on-ramps" they are usually envisioning themselves sitting as toll-collector, somewhere on one of them.
-tom -- "There are 10 types of people in the world... those who understand binary and those who don't." "That's only 2 types of people, moron" | |
|  ArkiMage
join:2001-06-30 Kingsport, TN
| Stopping SPAM How will this cut down on SPAM?
Easy... When this comes about I'll probably install a newer version of SPAM Assassin which will add a ruleset for authenticated mail. Something like:
score DOMAIN_VALIDATED -5
score DOMAIN_NOT_VALIDATED 5
If the mail comes from a domain that has been cryptographically determined to be correct, the spam score will decrement by some amount. Same in reverse if it supposedly comes from @yahoo.com but is forged. | |
|  SanJoseNerd Premium join:2002-07-24 San Jose, CA
| Legal Responsibility I think this might be a good step. Let me suggest one addition: when email originates from an authenticated server, then whoever runs that server should be legally responsible for it.
That means the person running that server must implement an effective opt-out mechanism, including the ability to opt-out of all email from that server, and adherence to any do-not-spam lists. If large amounts of unsolicited or fraudulent email comes from that server, then the person can be sued. If email from that server violates anti-spam laws, then that person can be fined and jailed.
And if the person is beyond the reach of the law -- say, in China or the Caribbean -- then the authentication should be revoked. | |
|  joesplifnik
join:2002-10-09 Lees Summit, MO
| Making Spam Unprofitable The real reason spam exists is that it appears to be a way for the spammer to make money. Apparently, it takes a minuscule response rate to make spamming profitable. The only real way to defeat it is to never, never, never buy anything being promoted via spam. I'm sure that the readers of this forum are intelligent enough to ignore spam pitches, but apparently there is a large enough segment of ignorant Internet users making spam purchases that the spamming strategy is profitable. Therefore, there has to be a goal of educating the Internet public to ignore this crap. Until spamming ceases to generate a return, the war will go on. We've got to spread the word to all web users to ignore all spam sales pitches. Easier said than done. | |
|  |   rchandra Stargate S G-1 And Atlantis Fan Premium join:2000-11-09 14210-2642 clubs:
| auth and trust STARTTLS is certainly a viable solution technically. The immediate problem with that is the cost of the current X.509 CAs. It's pretty good though. In this case, we've chosen to trust a handful of entities. Just look some time at the issuers of the CAs that come with your favorite TLS/SSL-enabled Web browser (I counted 19 distinct companies, might have made some mistakes, for Mozilla 1.5).
The idea of having keyservers (or even DNS) is good, but then the issue of trust arises (as in the web of trust idea). In this case, one is going to have a little bit more challenging time figuring out which key signatures one will trust because there are a lot more of them than just the VeriSigns, GeoTrusts, and Equifaxes (etc.) of the world. Just about anyone can buy a domain name registration and insert a DNS key record into their zone, but does that mean I want to receive mail from you? It's more than just authentication in this case. I may never want to receive email from optinoffers.com for example, because it is spam.
There are a number of peripheral issues I'm not sure have been thought of.
First, I think the whole thing is a mess, and we're trying to adapt a system and protocol that was specified when one could "trust" (to some extent anyway) that when a computer HELOed as monet.cs.berkeley.edu that it really WAS monet. We trusted that if an MTA said a piece was from linus.torvalds@transmeta.com that it really was. Trying to adapt an existing protocol for security and authenticity is troublesome at best, and sometimes the only true solution is a total rewrite/respecification.
Second, until any scheme is universally adopted, there will always be the possibility of either wanting or needing messages from the older system. The day that one says one will not accept delivery of an email if it's not authenticated will be the day one loses email one wished to receive. And for businesses this can also mean the day they start losing customers/clients. And paradoxically, reimplementing email this way is not atomic; there will have to be a transition period (it's a regular catch-22). But once a protocol becomes entrenched, it's exceedingly difficult to move forward. Look for example at IPv6. It's taking "FOREVER" to get deployed.
Third, what about third party servers? There are quite a number of companies that don't want to blur their company focus by establishing IT or Internet departments, and they outsource this task. So for example Verizon doesn't handle email; they hire Brightmail to do it for them (maybe a poor example, but it illustrates the point). When Verizon has a customer announcement, the From: will be something like custcare@verizon.net, but the cert the MTA will present may be for outgoing.brightmail.com or similar. Will some tweaks to existing software be able to handle having and presenting the correct cert based upon the message's origin or originator? For example, I've recently configured my Sendmail to authenticate when relaying outgoing mail through Verizon, but that's based on the recipient mail server, not the origin. Also, what's the liability of a company that doesn't present a correct cert when doing something like that?
Fourth, what do providers do when problems arise? Let's say a provider allows a customer onto their systems, and then unbeknownst to them the customer starts spamming. Even if within a day the spam stops flowing, the provider's reputation is damaged, and who knows for how long? -- English is a difficult enough language to interpret correctly when its rules are followed, let alone when a writer chooses not to follow those rules. Blog is here | |
|  russotto
join:2000-10-05 Collegeville, PA
| Internet takeover Spam? This is a takeover of the Internet email system by the usual suspects, using spam as the excuse.
Once AOL, MSN, and Yahoo get together and decide on a system, anyone who wants to send e-mail to AOL, MSN, or Yahoo users will have to play ball with them. Since it's not viable to have email which can't be used to send to those three, that means everyone will have to bow to their terms. No more mail services from small ISPs unless you kiss up to the big guys. No more running your own mail server.
As for spam -- oh, you'll continue to get it, all right. But it'll be "authorized marketing mail" from AOL, MSN, and Yahoo "partners". Which you will of course be able to opt out of -- until they reset your preferences again. | |
|   nickb Still Waiting For My Flashcom Rebates
join:1999-07-10 Brooklyn, NY
| Going off half-cocked Too early to tell. I repeat too early to tell. Let them fill in the blanks and reveal more. Until then most of the debate above is just speculation. For the record, and based on the initial info supplied, I'm in favor of a system LIKE this one. -- Nick Braak - Redbox Security | |
|   TreeHead
@66.98.x.x
| power to the people, not the isp's... ;isn't there another solution that would put command over message legitimacy in the hands of the end user as opposed to the isp?
;with a carefully coded mail client and/or a new protocol subset (or entirely new "secure" e-mail protocol), couldn't one use pgp to encrypt, sign, and valid messages via the client?
;the original message would be encrypted and signed by the sender. the recipient could then poll the server for new mail, check the message (header or contents) for signatures on *their* keyring, downloading ONLY those messages that they have been validated and verified.
;the client could even display a list of non-validating messages and give the end user the ability to download and verify these senders' pgp keys (if, for example, the message is the first message from a mailing list or vendor).
;i'm sorry, but i have a really hard time giving it all up to the infrastructure.
;treehead | |
|  |   David Last man standing Premium,VIP join:2002-05-30 Granite City, IL clubs:
·AT&T Midwest
| Re: power to the people, not the isp's... said by TreeHead: ;isn't there another solution that would put command over message legitimacy in the hands of the end user as opposed to the isp?
;with a carefully coded mail client and/or a new protocol subset (or entirely new "secure" e-mail protocol), couldn't one use pgp to encrypt, sign, and valid messages via the client?
;the original message would be encrypted and signed by the sender. the recipient could then poll the server for new mail, check the message (header or contents) for signatures on *their* keyring, downloading ONLY those messages that they have been validated and verified.
;the client could even display a list of non-validating messages and give the end user the ability to download and verify these senders' pgp keys (if, for example, the message is the first message from a mailing list or vendor).
;i'm sorry, but i have a really hard time giving it all up to the infrastructure.
;treehead
Well, if you use yahoo or SBCyahoo right now one new feature that gives people some control over spam is disposable e-mail addresses.. With the Sbcyahoo accounts I get 10 e-mail addresses (currently using 2 of them) if I wanted I could create a disposable e-mail address for just purchasing stuff then once I am done purchasing with that company I just delete the disposable e-mail address and away they go...
SPAM problem somewhat solved.. -- Give a man a fish and you feed him for a day. Teach him how to fish and you feed him for a lifetime - Lao Tzu | |
|  |  |   David Last man standing Premium,VIP join:2002-05-30 Granite City, IL clubs:
·AT&T Midwest
| Re: power to the people, not the isp's... said by David : said by TreeHead: ;isn't there another solution that would put command over message legitimacy in the hands of the end user as opposed to the isp?
;with a carefully coded mail client and/or a new protocol subset (or entirely new "secure" e-mail protocol), couldn't one use pgp to encrypt, sign, and valid messages via the client?
;the original message would be encrypted and signed by the sender. the recipient could then poll the server for new mail, check the message (header or contents) for signatures on *their* keyring, downloading ONLY those messages that they have been validated and verified.
;the client could even display a list of non-validating messages and give the end user the ability to download and verify these senders' pgp keys (if, for example, the message is the first message from a mailing list or vendor).
;i'm sorry, but i have a really hard time giving it all up to the infrastructure.
;treehead
Well, if you use yahoo or SBCyahoo right now one new feature that gives people some control over spam is disposable e-mail addresses.. With the Sbcyahoo accounts I get 10 e-mail addresses (currently using 2 of them) if I wanted I could create a disposable e-mail address for just purchasing stuff then once I am done purchasing with that company I just delete the disposable e-mail address and away they go...
SPAM problem somewhat solved..
Keep in mind this post was not an advertisement but just another way that might work in the fight against spam... -- Give a man a fish and you feed him for a day. Teach him how to fish and you feed him for a lifetime - Lao Tzu | |
|   rchandra Stargate S G-1 And Atlantis Fan Premium join:2000-11-09 14210-2642 clubs:
| oh my gosh...reporters as bad I just reread the Reuters Domain Keys writeup. It shows that some tech reporters are about as knowledgeable as the legislators. Ben Berkowitz states that private keys will be sent. Ummm...duh, aren't private keys supposed to be kept...ummmm....private? It must be just me... -- English is a difficult enough language to interpret correctly when its rules are followed, let alone when a writer chooses not to follow those rules. Blog is here | |
|  |  |  |  |  rjparker9 Premium join:2003-08-04 Lutz, FL
| Re: oh my gosh...reporters as bad Yo, yahoo detester.. OE is unbound from IE. FYI.. if you take the default installation.. its installed, but Custom installs you can leave OE off, and only install IE.. and vice versa.. they are not "together" by any means.. And your yahoo software idea.. i have used Yahoo Tool bars for years. Zero probs. I never tried DSL, perhaps that is poor, but overall, I am impressed with yahoo.. and the install routines for mail, fantasy baseball, front page customizations, news.. works 100% of the time. Even with IE or netscape. In fact, in my 20 years experience working with computers, for free software.. Yahoo does a pretty good job.. even better than many commercial apps.. we even use Calendar at work via the net, because Exchange is a pain in the derrier.. So maybe your experience with Yahoo is somewhat less than adequate, but considering I don't have to "install" anything on my computer to use it.... I will take it any day of the week. | |
linicx Caveat Emptor Premium join:2002-12-03 United State
Re: oh my gosh...reporters as bad
Hey Mo ... you don't know what I am talking about until you install Yahoo-DSL software from the CD provided by the telco. I don't need Yahoo toolbar. I was playing on the internet when Mosaic was the best browser -- which was long before Yahoo or Big Foot or IE emerged -- and Archie was a big deal.
IMHO the best way to custom install Yahoo-DSL is to toss it in the trash can. You don't need Yahoo to set up or use DSL; you don't need it to take advantage of any of the Yahoo web tools, and you don't need it to set up any DSL email accounts that are hosted by Yahoo. If you want to take advantage of a Yahoo-DSL broadband account, all you need is an IP number, account, password, and a NAT Firewall router for security.
And by the way, Mo, it will be an ice cold day on the Equator before Bill Gates unbinds OE/IE from his operating system. He may offer the browser as a stand alone product to Yahoo, Apple, Linux and Joe Schmoo, but he isn't going to untie it from Windows, ME, 2000 or XP now or in the future; it made him a billionaire. -- No windows; No gates; Apple inside
rjparker9 Premium join:2003-08-04 Lutz, FL
Re: oh my gosh...reporters as bad
Hey, Curly.. I hear ya about the Yahoo thing.. But I was using the internet before there was a browser for it.. Telnet, Gopher.. I was using OS/2 when they had a browser called "explorer". And you don't need any software to install any DSL line.. it used to be a pppoe connection, but now it's just an ethernet connection, so yes.. firewall and IP.. I understand that.
Bill Gates became a billionaire.. not because of Windows, but because he knows how to market his products to the world. Think about the Fortune 500 list. 499 companies on that list use a product or suite of products from 1 other company, just 1. There isn't a single company out there you can say that about. Everyone uses Microsoft products in one way, shape or form.. We all drink Coke, and Pepsi.. but every company doesn't drink both. We all ship using UPS.. or Fedex.. maybe USPS, maybe DHL, or even courier. We may use different products from different companies but EVERY Fortune 500 company uses Microsoft.. 95% of them use it as their primary OS. That's where Bill made his money.
Also, let's not forget.. the reason why we have OE, explorer, file manager, a basic word processor, and other free utilities is because that's what people want. WE don't want to download an email program, or a browser, we want it included. Ask the avg user what they like.. they like Windows for what it has.. and the ease of use. Everyone is just mad because they didn't think of what Microsoft/Windows did FIRST! So they talk about it like dirt.. but we still keep using it. You don't like Microsoft, you don't like their tactics, no one is forcing you to use it. Use Linux.. yeah, that will only support about 4 motherboards, and a smattering of hardware.. still won't support many of my devices, so I continue to use Microsoft. You think you can do a better job than Microsoft making an OS, HA! I would like to see you try.. it's been tried.. many, many times. Next OS, OS/2, ... I can't even think of all the failed OS's over the years I have tried, and they were gone a few years later. Still Windows hangs around. It's not perfect, but there isn't ANYTHING better for what it does. Linux is free, but it's not better. Just different. OE/IE are not bundled. They happen to come on the Windows CD. If you developed a product, and you were trying to promote your product, you would throw it on there too.. it makes your product more attractive.. it's called, say it with me.. "S-A-L-E-S". If Windows was just bare bones, no frills.. it wouldn't be what it is today, a useful tool.