[squeak-dev] Apology for offensive spam on annoncements list

stephane ducasse stephane.ducasse at free.fr
Sun Feb 1 13:48:19 UTC 2009


some communities do that already and this could be something to  
explore if we got more attacks.

stef

On Jan 26, 2009, at 12:09 PM, Janko Mivšek wrote:

> Another measure would be to authenticate e-mail sent to the lists more
> strongly, with signing it with PGP or S/MIME (digital certs). Signed
> emails would be tagged as completely trusted, while others would go  
> to a
> moderation list, or just tagged as untrusted.
>
> This requires additional discipline from us the senders of email of
> course and this is a major drawback of this approach. But it seems we
> will soon be forced to do that otherwise not too hard additional setup
> of our mail clients to support PGP or S/MIME mail signing.
>
> On the server side there is a project underway to upgrade Mailman list
> server (which we are using) to support such authentication:
>
>
> Secure List Server: Mailman, PGP and S/MIME
> http://non-gnu.uvt.nl/mailman-ssls/pgp-smime/talk/mailman-pgp-smime-talk.txt
> The Secure List Server: an OpenPGP and S/MIME aware Mailman
> http://non-gnu.uvt.nl/mailman-pgp-smime/
>
>
> Best regards
> Janko
>
> Janko Mivšek pravi:
>> Rob Rothwell pravi:
>>> +1
>>>
>>> Any way to just block the current offender and not change to  
>>> constant
>>> monitoring?  This is the first time I have seen something like  
>>> this in
>>> years, so maybe it just isn't that big of a deal right now...
>>
>> Problem is that the offender impersonated regularly subscribed guys  
>> in
>> his spam, so he didn't need even to subscribe to the list.
>>
>> For this he needed to find the e-mails of our guys. I suspect that he
>> found their e-mails from list archives. Default Mailman list archives
>> namely contain e-mail addresses while archives like Nabble not.
>>
>> One of solution is therefore to switch off Mailman archives and use
>> Nabble and similar only.
>>
>> Janko
>
>
>
> -- 
> Janko Mivšek
> AIDA/Web
> Smalltalk Web Application Server
> http://www.aidaweb.si
>
>




More information about the Squeak-dev mailing list