Comment Number: 516761-100008
Received: 09/26/2005 05:28:05 PM
Organization: Yahoo! Inc
Commenter: Miles Libbey
State: CA
Agency: Federal Trade Commission
Rule: Email Authentication Questionnaire
Docket ID: To Be Added
No Attachments

Comments:

Answers to Specific Questions

1-DomainKeys

2-No modification to standards

3- From November 2004 to the present (September 2005) we configured our outbound email to be DomainKeys signed. From January 2005 to the present we configured our production inbound email systems to perform DomainKeys verification. The goals of the testing are: monitor interoperability with independent implementations; confirm performance costs to be minimal and provide easy access to independent implementers. Interoperability on verification is tracked statistically per sending domain. The system counts successful verifications, failed verifications (and reasons), and unverified mail. Outbound interoperability is tracked by the receiving parties and is reported to us on an ad hoc basis. All production systems are routinely monitored for performance anomalies.

4- Most of the DomainKeys environment is run on modern x86-based systems running FreeBSD. In all, well in excess of 1,000 existing production servers are configured to participate in the DomainKeys testing. No additional hardware was required to perform the DomainKeys signing or verifying.

5- The production software was modified to support DomainKeys and the reporting infrastructure was enhanced to collect statistics on verification results. Otherwise, no special provisions were needed in either software or hardware.

6- At the time of writing these answers, a conservative estimate is that at least 50 billion messages have been DomainKeys processed by our systems.

7- The outbound emails are live emails originating from our Web mail service and Broadband partners. Inbound emails variously originated from other mail service provides such as Google's Gmail and Earthlink, along with over 1,000 other unrelated domains who are participating.

8- The test has been running for over nine months and is continuing.

9- Prior tests were conducted in a non-production environment to ensure: stable production software; identify significant performance impacts, if any and specification conformance. The testing environment was matched to the production system in terms of specification and deployment software and hardware.

10- This number has varied over time and has improved as implementers have identified bugs and errors. At the time of writing, the authentication success rate has risen to be over 97% of all DomainKeys signed email.

11- We have not analyzed the data to ascertain the types of senders. Anecdotally, authenticated traffic, thus far, predominantly originates from legitimate email senders.

12- Based on Answer 10., something like 2-3% of authentications failed. Our sample analysis suggests a combination of implementation failures in "corner cases" and content modification in transit, beyond that acceptable to the verification specification.

13- Based on our production deployment to 1,000+ servers, and 100s of millions of DomainKeys processed email per day, we believe we have a firm basis for believing the technology is scalable for even the largest email providers on the planet.

14- As mentioned in Answer 3, we routinely monitor the production environment for performance anomalies (CPU, network, memory, disk, etc). It also needs to be noted that the same production facilities are used to run our extensive, and resources-hungry anti-spam technologies. In the context of our routine production processing, we have not detected a measurable increases in system resources.

15- Almost all of our testing has been conducted publicly. By the simple convenience that anyone can create a Yahoo account, external implementers are able to exchange email between their systems and our systems to compare results. Additionally, a sourceforge project has been established at http://domainkeys.sourceforge.net which includes test suites, sample code and verification tools so that third parties can conduct independent tests.

16- We have not accurately tracked costing for deployment of DomainKeys on our systems, and any estimate needs to be scaled in the context of the size of our production environment; the caution taken when deploying on a high visibility, proprietary mail system.

17-Not applicable.

18-Not applicable.

19- In the last six months, DomainKeys has been augmented with Cisco's IIM to produce a common standard called DomainKeys Identified Mail. As that standard progresses through the IETF, we intend to transition our environment to DomainKeys Identified Mail. This is not really an additional standard, more an upward compatible transition that we expect will be little more than a library upgrade.

20- The primary focus of the remaining testing is to isolate and categorizes the residual verification failures. To that end, an augmentation to the specification is drafted to provide tracing information that should assist in the automated categorization process.