Is there any digital signer anyone recommends? What is the procedure? Can it be set automatic or is it something to remember and do everytime? -Thanks. ----- Original Message ----- From: "Stefano Mazzocchi" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, March 03, 2004 4:24 PM Subject: Re: E-mail account disabling warning.
> Steven Noels wrote: > > > On 03 Mar 2004, at 17:23, Brian Behlendorf wrote: > > > >> On Wed, 3 Mar 2004, Sam Ruby wrote: > >> > >>> Neither. This email contained: > >>> > >>> Return-Path: <[EMAIL PROTECTED]> > >>> From: [EMAIL PROTECTED] > >>> > >>> ... neither of which is subscribed to [EMAIL PROTECTED] > >>> > >>> From what I have read, ezmlm uses a separate SMTP 'SENDER' field, which > >>> isn't retained in the archive. My bets are that this field contained > >>> the value [EMAIL PROTECTED] > >> > >> > >> No. Return-Path does capture the email address used by ezmlm to figure > >> out if and when to send. As it turns out, "[EMAIL PROTECTED]" is able > >> to post as he's in the "allow" database for that list. > > > > > > That's what I was afraid of, since I happened to know Andrew uses *both* > > addresses (or has been using them), at the very least in private mails > > sent to me. > > > > How can we defend ourselves from bots spamming the lists using > > subscribed or allowed addresses...? > > the only way is to require everybody to sign their email. But enforcing > this would be a serious PITA. > > > Or do we need to actively > > monitor/clean up stale entries in the allow list? > > this doesn't really reduce the problem. > > -- > Stefano. > >
