On 11/9/06 5:54 AM, Stefan Schlott wrote:
> As you mentioned, signing of a message is easy; so it is easy to sign a spam
> message, too. The problem is: Which key is used to sign the message, and how
> do you determine whether a key belongs to a spammer or to an ordinary user?
> The signature alone does not solve your problem.
This would be for a project other than Mailman, however there already
exists various blacklists and such which MTAs can use to determine if a
host is likely to be a spammer. Likewise, I'm sure it wouldn't take
very much to setup a daemon that contains a list of "known spammy keys",
and populate ones GPG keyring with those keys and flagged as untrusted.
Then it would be a matter of allowing any signed mail from a
non-untrusted key (so either trusted, or unknown).
--
Steve Huston - W2SRH - Unix Sysadmin, Dept. of Astrophysical Sciences
Princeton University | ICBM Address: 40.346525 -74.651285
126 Peyton Hall |"On my ship, the Rocinante, wheeling through
Princeton, NJ 08544 | the galaxies; headed for the heart of Cygnus,
(609) 258-7375 | headlong into mystery." -Rush, 'Cygnus X-1'
_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
http://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives:
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe:
http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
Security Policy:
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
