Janko Mivšek wrote:
Another measure would be to authenticate e-mail sent to the lists more strongly, by signing it with PGP or S/MIME (digital certs). Signed emails would be tagged as completely trusted, while others would go to a moderation list, or just be tagged as untrusted.
This requires additional discipline from us, the senders of email, of course, and this is a major drawback of this approach. But it seems we will soon be forced to do that otherwise not too hard additional setup of our mail clients to support PGP or S/MIME mail signing.
On the server side there is a project underway to upgrade Mailman list server (which we are using) to support such authentication:
Secure List Server: Mailman, PGP and S/MIME
http://non-gnu.uvt.nl/mailman-ssls/pgp-smime/talk/mailman-pgp-smime-talk.txt
The Secure List Server: an OpenPGP and S/MIME aware Mailman
http://non-gnu.uvt.nl/mailman-pgp-smime/
Best regards Janko
Good evening.
I think that authenticating via PGP/PGP-MIME/S-MIME is useful to avoid faked mail.
I don't think that this spam that penetrated the list is a real big problem (unless it becomes frequent). Identification of the source can be useful to possibly help a member of this list to get rid of a Trojan or root kit that infected his computer. Besides, I strongly believe that people must be warned to be careful when forwarding e-mails from one list to another because if you don't strip headers and embedded email addresses you create potential risks for the list (since it is not that difficult to forge emails).
Best regards,
Casimiro
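
An added example (not from this thread and not code from the Mailman PGP/S-MIME project): a structural pre-filter for the "signed versus moderated" routing discussed above, recognising inline PGP, PGP/MIME and S/MIME detached signatures. It only selects candidates; checking the signature against known member keys is assumed to happen in a separate step, and the names `signature_kind`, `route` and `make_signed` are hypothetical.

```python
import email
from email import policy

# Detached-signature types declared in the multipart/signed "protocol" parameter.
SIGNED_PROTOCOLS = {
    "application/pgp-signature": "pgp-mime",    # RFC 3156
    "application/pkcs7-signature": "smime",     # RFC 8551
    "application/x-pkcs7-signature": "smime",   # legacy name still seen in the wild
}
INLINE_PGP = b"-----BEGIN PGP SIGNED MESSAGE-----"

def signature_kind(raw):
    """Return 'pgp-mime', 'smime', 'pgp-inline' or None, from structure alone."""
    msg = email.message_from_string(raw, policy=policy.default)
    if msg.get_content_type() == "multipart/signed":
        proto = (msg.get_param("protocol") or "").lower()
        parts = msg.get_payload()
        # Well-formed: exactly two parts (signed body, then signature), and the
        # signature part's type must match the declared protocol. A header that
        # merely claims multipart/signed does not count.
        if (proto in SIGNED_PROTOCOLS and isinstance(parts, list)
                and len(parts) == 2 and parts[1].get_content_type() == proto):
            return SIGNED_PROTOCOLS[proto]
        return None
    if not msg.is_multipart():
        body = msg.get_payload(decode=True) or b""
        if body.lstrip().startswith(INLINE_PGP):
            return "pgp-inline"
    return None  # opaque S/MIME (application/pkcs7-mime) is not handled here

def route(raw):
    """Assumed policy: signed candidates go on to verification, the rest to moderation."""
    return "verify" if signature_kind(raw) else "moderate"

def make_signed(proto, sig_type=None):
    """Constructed sample message; the signature body is a placeholder, not real."""
    return (
        "From: member@example.org\nSubject: test\nMIME-Version: 1.0\n"
        f'Content-Type: multipart/signed; protocol="{proto}"; boundary="sigb"\n\n'
        "--sigb\nContent-Type: text/plain\n\nhello list\n"
        f"--sigb\nContent-Type: {sig_type or proto}\n\nPLACEHOLDER\n--sigb--\n"
    )

PLAIN = "From: member@example.org\nSubject: test\n\nhello list\n"
INLINE = ("From: member@example.org\nSubject: test\n\n"
          "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nhello list\n")

if __name__ == "__main__":
    for name, raw in [("pgp-mime", make_signed("application/pgp-signature")),
                      ("plain", PLAIN), ("inline", INLINE)]:
        print(name, "->", route(raw))
```

A "verify" result means only that the message has the shape of a signed mail; it becomes trusted only after the signature validates against a key or certificate the list already associates with that sender.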