Alice and Bob can send messages privately via a nosy postman, but how does Bob know that a message he receives is really from Alice, rather than from the postman pretending to be Alice? If they’re using symmetric-key encryption, and Bob is sure that he was talking to Alice when they exchanged keys, then he already knows that the mail is from Alice – as only he and Alice have the keys...
Who's publishing DMARC?
DMARC is a way for a domain owner to say “If you see this domain in a From: header and it’s not been sent straight from us, please don’t deliver the mail”. If a domain is only used for bulk and transactional mail, it can mitigate a subset of phishing attacks without causing too many problems for legitimate email. In other cases, it can cause significant problems. Some of...
Cryptography with Alice and Bob
Untrusted Communication Channels This is a story about Alice and Bob. Alice wants to send a private message to Bob, and the only easy way they have to communicate is via postal mail. Unfortunately, Alice is pretty sure that the postman is reading the mail she sends. That makes Alice sad, so she decides to find a way to send messages to Bob without anyone else being able to read them. Symmetric...
Cryptography and Email
A decade or so ago it was fairly rare for cryptography and email technology to intersect – there was S/MIME (which I’ve seen described as having “more implementations than users”) and PGP, which was mostly known for adding inscrutable blocks of text to mail and for some interesting political fallout, but not much else. That’s changing, though. Authentication and...
Make Mail.app work for you
Mark Nottingham (@mnot) posted a good idea to twitter: Highlight e-mails that your MTA receives with TLS. Make sure to include your mail server’s name in the value (here to the left of what’s shown) Mail.app has client support for mail routing rules. Out of the box all they’re configured to do is highlight mail from Apple, but Mark is adding a rule to passively...
The origins of network email
The history of long distance communication is a fascinating, and huge, subject. I’m going to focus just on the history of network email – otherwise I’m going to get distracted by AUTODIN and semaphore and facsimile and all sorts of other telegraphy. Electronic messaging between users on the same timesharing computer was developed fairly soon after time-sharing computer systems...
Email History through RFCs
Many aspects of email are a lot older than you may think. There were quite a few people in the early 1970s working out how to provide useful services using ARPANET, the network that evolved over the next 10 or 15 years into the modern Internet. They used Requests for Comment (RFCs) to document protocol and research, much as is still done today. Here are some of the interesting milestones. April...
Asynchronous Bounces
There are three ways that an email can fail to be delivered: immediate rejection timeout asynchronous bounce Rejection A rejection is any delivery attempt where the sending smarthost can tell immediately that the mail can’t be delivered. That will often be when the receiving machine accepts a connection but returns a “hard bounce” or “5xx” error at some point in...
Fun with new mailservers
I’m building a new set of mailservers for wordtothewise.com – our existing mailserver was “I’ll repurpose this test box for a week” about four years ago, so it’s long past time. I tested our new smarthost by sending a test mail to gmail. This is the very first email this IP address has sent in at least three or four years, possibly forever: host gmail-smtp-in.l...
DKIM Key Rotation
Several people have asked me about how to rotate DKIM keys in the past few days (as if you’re modifying anything to mitigate replay attacks, you need to invalidate the signatures of all the mail you sent before you made those changes). [icon name=”key” class=”2x spin”] You really, really should be rotating your DKIM keys on a regular basis (monthly, weekly...