Destroying the reliability of Internet mail won't stop spammers.
Need a particular spelling in the From line? No problem; they'll copy
the spelling. Need a complete header? No problem; they'll copy someone's
complete header. Doing some Received tests? No problem; they'll send
mail through one of the >100000 SMTP servers that don't record sources.
Doing ``administrativia'' tests? No problem; they'll filter the same
words that you do.
A year later you find yourself surrounded by half-assed ``security''
mechanisms that make life difficult for normal users (``sorry, folks,
can't send mail to the list unless you want anyone to be able to destroy
your subscription'') while the unsolicited commercial e-mail continues
to pour in.
I've set up a mailing list to discuss attacks against mailing lists and
mailing list subscribers, and to discuss methods of protecting against
attacks. To join, send a message to
djb-list-protection-subscribe@koobera.math.uic.edu
Unlike the list-abuse mailing list, list-protection is open, with
archives available to anyone who wants to see them. We need security
mechanisms that _don't_ rely on Chapman-style obscurity.
> List-Managers has been set to allow postings only from subscribers for
> quite some time,
Ah, yes, more than a month. I'm impressed.
---Dan
Let your users manage their own mailing lists. http://pobox.com/~djb/qmail.html
Follow-Ups:
|
|
