On Thursday 13 October 2011 06:31, andre999 wrote:how can a mailing list easily (and reliably) verify that the email comes from a member, and that the adresse isn't spoofed ?It can't.Which is why I sign all of my email. Then users who care can verify that I sent it, and that it hasn't been tampered with along the way.
At FrOScon I attended a talk by the (sole) developer of the "Project Lancelot" [1] mailing list software. One of the more interesting examples he gave in his talk was the ability to filter or allow mails based on their GPG-validation status. Of course, this probably wouldn't work for a project like ours, but it would be nice if users could somehow signal to the mailinglist software "mails from this subscriber are only valid if they are signed by this key".
Remmy [1] http://code.anselms.net/projects/lancelot
signature.asc
Description: Digital signature
