www-community mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Noel J. Bergman" <n...@devtech.com>
Subject RE: Mailing lists hiding sender's address?
Date Fri, 16 Apr 2004 23:11:54 GMT
> A little obfuscation goes a long way. Look at our subscription mechanism
to
> mailing lists. It is trivially easy to defeat, but as far as I know no
one
> has yet subscribed to one of our lists to spam us.

Actually, that part is not so easy because it requires them to have a
valid mailbox in order to complete the process.  Spammers don't like to be
seen.

The real problem would be if they started to use widespread spoofing of
valid subscriber addresses, e.g., sending lots of e-mail as you to lists
on which you are subscribed.

The solution is to require digital certificates to authenticate identity.
All e-mail would need to carry them or be considered spam a priori.
Stefano uses a digital signature on every message, but since he uses PGP
MIME instead of S/MIME, my MUA treats it a bit oddly.  I rarely bother to
sign my messages, but signed messages could be verified by the server as
part of its filtering.

	--- Noel

Mime
View raw message