> A little obfuscation goes a long way. Look at our subscription mechanism to > mailing lists. It is trivially easy to defeat, but as far as I know no one > has yet subscribed to one of our lists to spam us.
Actually, that part is not so easy because it requires them to have a
valid mailbox in order to complete the process. Spammers don't like to be
seen.
The real problem would be if they started to use widespread spoofing of
valid subscriber addresses, e.g., sending lots of e-mail as you to lists
on which you are subscribed.
The solution is to require digital certificates to authenticate identity.
All e-mail would need to carry them or be considered spam a priori.
Stefano uses a digital signature on every message, but since he uses PGP
MIME instead of S/MIME, my MUA treats it a bit oddly. I rarely bother to
sign my messages, but signed messages could be verified by the server as
part of its filtering.
--- Noel
smime.p7s
Description: S/MIME cryptographic signature
