www-community mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Noel J. Bergman" <n...@devtech.com>
Subject RE: bogus subs to mailing lists (more?)
Date Thu, 06 Nov 2003 00:17:23 GMT
> > How do you propose getting a critical mass of signed mail, and what do
> > you want to do in the meantime with unsigned mail from a subscriber?

> Making life easier for people using them and more difficult for people
> not using them.

> I expected some expert to come out and say "Actually, project
> XYZ in sourceforge does a variant of this, only much better" :-)

The problem is not whether or not some project does it (we've got some new
toys for James that will handle S/MIME operations on the server), but
whether or not we can reasonably expect universal availability without
unduly impacting our general audience.  Subscription is an easy one-time

> > The mail server would need everyone's public key to verify the
> > signatures.

> This looks simple enough, at least for people signing releases.

That would be a few handfuls of people.  What about the 1000s of regular
users who subscribe to the lists?

> > But how does that solve the problem?  Are you going to require *ALL*
> > messages to be signed?

> The initial "prize" would be something like you don't need to subscribe
> or wait moderation to send

What does this do to stop spam from someone who decides to use your address
as the fake sender?  Haven't you ever gotten bounced e-mail because someone
sent spam posing as you?  The only way to stop it is to verify each and
every e-mail with an authenticated identity.  When no one can send e-mail as
anyone other than themself, then spam will start to stop.

	--- Noel

To unsubscribe, e-mail: community-unsubscribe@apache.org
For additional commands, e-mail: community-help@apache.org

View raw message