On Nov 9, 2006, at 5:54 AM, Stefan Schlott wrote:

> I already received some spam messages including GPG markings. They were fake,
> of course; they were used to fool simple scoring systems (e.g. if message
> contains "BEGIN PGP SIGNED MESSAGE", it is most likely no spam).
>
> As you mentioned, signing of a message is easy; so it is easy to sign a spam
> message, too. The problem is: Which key is used to sign the message, and how
> do you determine whether a key belongs to a spammer or to an ordinary user?
> The signature alone does not solve your problem.

I suppose you could also have each mailing list publish a pubkey and require that messages be encrypted with that pubkey in order to get posted. Of course that increases the cycles involved on both ends, but it allows you to accept messages without requiring the registration of each sender's key.

Sure, spammers could use the same key to sign spam, but I wonder if that wouldn't be more work than is worthwhile for a botnet.

-Barry

_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
http://mail.python.org/mailman/listinfo/mailman-developers