> -----Original Message----- > From: Noel J. Bergman [mailto:[EMAIL PROTECTED] > Sent: Friday, April 16, 2004 4:12 PM > To: [email protected] > Subject: RE: Mailing lists hiding sender's address? > > > > A little obfuscation goes a long way. Look at our subscription mechanism > to > > mailing lists. It is trivially easy to defeat, but as far as I know no > one > > has yet subscribed to one of our lists to spam us. > > Actually, that part is not so easy because it requires them to have a > valid mailbox in order to complete the process. Spammers don't like to be > seen. > > The real problem would be if they started to use widespread spoofing of > valid subscriber addresses, e.g., sending lots of e-mail as you to lists > on which you are subscribed. > > The solution is to require digital certificates to authenticate identity. > All e-mail would need to carry them or be considered spam a priori. > Stefano uses a digital signature on every message, but since he uses PGP > MIME instead of S/MIME, my MUA treats it a bit oddly. I rarely bother to > sign my messages, but signed messages could be verified by the server as > part of its filtering.
I notice you signed that one. ;-) Signed messages cause problems on gmane, at least when using Outlook Express as a newsreader, and I would guess with other newsreaders as well. The problem is that gmane obfuscates the sender itself, so that the sender and signer don't match, and you get a "Security Warning", with a message like this: The digital ID's e-mail address does not match sender's Signer: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] You can still read the message, but the value of the signature is negated. -- Martin Cooper > --- Noel > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
