some communities do that already and this could be something to explore if we got more attacks.
stef
On Jan 26, 2009, at 12:09 PM, Janko Mivšek wrote:
Another measure would be to authenticate e-mail sent to the lists more strongly, by signing it with PGP or S/MIME (digital certs). Signed emails would be tagged as completely trusted, while others would go to a moderation list, or just be tagged as untrusted.
This requires additional discipline from us, the senders of email, of course, and this is a major drawback of this approach. But it seems we will soon be forced to do that additional, otherwise not too hard, setup of our mail clients to support PGP or S/MIME mail signing.
On the server side there is a project underway to upgrade the Mailman list server (which we are using) to support such authentication:
Secure List Server: Mailman, PGP and S/MIME
http://non-gnu.uvt.nl/mailman-ssls/pgp-smime/talk/mailman-pgp-smime-talk.txt
The Secure List Server: an OpenPGP and S/MIME aware Mailman
http://non-gnu.uvt.nl/mailman-pgp-smime/
Best regards
Janko
Janko Mivšek wrote:
Rob Rothwell wrote:
+1
Any way to just block the current offender and not change to constant monitoring? This is the first time I have seen something like this in years, so maybe it just isn't that big of a deal right now...
The problem is that the offender impersonated regularly subscribed guys in his spam, so he didn't even need to subscribe to the list.
For this he needed to find the e-mails of our guys. I suspect that he found their e-mails from list archives. Default Mailman list archives namely contain e-mail addresses, while archives like Nabble do not.
One solution is therefore to switch off Mailman archives and use Nabble and similar only.
Janko
--
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si