Presented Without Proof(an exercise for the reader)

ocean.301south.net is a low-volume mail server. 95% of my logs are spam rejected by postgrey.  The other 5% are evenly divided between spam which gets screened out by SpamAssassin and actual legitimate messages, which probably number 25 a day coming in and fewer than 10 a day going out.   So you can imagine my dismay when Yahoo(!) refused to accept an email from Abbie to her mother on the basis of my server’s reputation.

There’s obviously an element of inferiority-complex here.  In a world where everyone is known by his google ID and it’s all but impossible to acquire a static IP address, I am in the extreme (maybe even six-sigma) minority to be administrating my own e-mail server.  I hold a physical copy of all my emails on my home server (and Abbie’s, too) and I never see ads.

But lately, particularly since moving from a DSL connection to a Cable connection (hosted by Cox Business), I’ve started to notice that emails from my domain were frequently spurned, often winding up in spam folders or being rejected altogether, particularly by Yahoo servers.

This is a question of net neutrality: Yahoo, being an email provider, has a business incentive to harrass small-time service providers such as myself, which, if our numbers suddenly multiplied, would pose a threat to its email revenue stream.  Of course, such a thing is extremely unlikely to happen, because people don’t even know how to keep their antivirus software up to date, much less operate a standards-compliant mail relay.  I take pride in this accomplishment, even though it’s somewhat akin to the accomplishment of writing an entire parametric, interactive feedback-control and data acquisition system in PIC ASM, which is something else I take pride in having done, even though it’s not something that very many people would mistake for being useful.

And so I take it personally when my logs report something like:

Feb 25 19:16:18 ocean postfix/smtp[98301]: 0F7E6B826:
host a.mx.mail.yahoo.com[67.195.168.31] refused to talk to me: 421 Message from (24.249.152.92) temporarily deferred - 4.16.50. Please refer to
http://help.yahoo.com/help/us/mail/defer/defer-06.html


I filed a help request with their abuse-admin service and received a canned response, from which I learned about DomainKeys.  The concept is quite elegant.  I modify my server’s DNS record to include a public encrpytion key, and store the private key secretly on my mail server.  I then stamp every message I send with a signature which is encoded with the private key.  The recipient can check my DNS record, use the public key to decode the signature, and verify that the message is legitimate.  DomainKeys were invented by Yahoo, but are now an accepted open standard.

Following this howto (and adapting to FreeBSD), I managed to convert my Postfix install to use domain keys in just under three hours (specifically, the hours from 11 PM to 2 AM on February 24-25), thus demonstrating that I am still qualified to operate my own mail server. It remains to be seen whether Yahoo will take its own medicine: at the time of writing, it’s still deferring my messages, even though they are now possessed of DomainKey signatures.

For what it’s worth, I never get false-positives in my Spam folder.  There is a single exception in the past year, and that was due to an embarrassing goof on the part of the SpamAssassin maintainers.

You can view my DKIM public key with the following command:

dig -t TXT 301south._domainkey.301south.net


if you use a computer with access to dig(1).