[Mailman-Developers] Crypto-sign to post
Steve Huston
huston at astro.princeton.edu
Thu Nov 9 16:25:07 CET 2006
On 11/9/06 5:54 AM, Stefan Schlott wrote:
> As you mentioned, signing of a message is easy; so it is easy to sign a spam
> message, too. The problem is: Which key is used to sign the message, and how
> do you determine whether a key belongs to a spammer or to an ordinary user?
> The signature alone does not solve your problem.
This would be for a project other than Mailman, however there already
exists various blacklists and such which MTAs can use to determine if a
host is likely to be a spammer. Likewise, I'm sure it wouldn't take
very much to setup a daemon that contains a list of "known spammy keys",
and populate ones GPG keyring with those keys and flagged as untrusted.
Then it would be a matter of allowing any signed mail from a
non-untrusted key (so either trusted, or unknown).
--
Steve Huston - W2SRH - Unix Sysadmin, Dept. of Astrophysical Sciences
Princeton University | ICBM Address: 40.346525 -74.651285
126 Peyton Hall |"On my ship, the Rocinante, wheeling through
Princeton, NJ 08544 | the galaxies; headed for the heart of Cygnus,
(609) 258-7375 | headlong into mystery." -Rush, 'Cygnus X-1'
More information about the Mailman-Developers
mailing list