[squeak-dev] Apology for offensive spam on annoncements list

Janko Mivšek janko.mivsek at eranova.si
Mon Jan 26 11:09:33 UTC 2009

Another measure would be to authenticate e-mail sent to the lists more
strongly, with signing it with PGP or S/MIME (digital certs). Signed
emails would be tagged as completely trusted, while others would go to a
moderation list, or just tagged as untrusted.

This requires additional discipline from us the senders of email of
course and this is a major drawback of this approach. But it seems we
will soon be forced to do that otherwise not too hard additional setup
of our mail clients to support PGP or S/MIME mail signing.

On the server side there is a project underway to upgrade Mailman list
server (which we are using) to support such authentication:

Secure List Server: Mailman, PGP and S/MIME
The Secure List Server: an OpenPGP and S/MIME aware Mailman

Best regards

Janko Mivšek pravi:
> Rob Rothwell pravi:
>> +1
>> Any way to just block the current offender and not change to constant
>> monitoring?  This is the first time I have seen something like this in
>> years, so maybe it just isn't that big of a deal right now...
> Problem is that the offender impersonated regularly subscribed guys in
> his spam, so he didn't need even to subscribe to the list.
> For this he needed to find the e-mails of our guys. I suspect that he
> found their e-mails from list archives. Default Mailman list archives
> namely contain e-mail addresses while archives like Nabble not.
> One of solution is therefore to switch off Mailman archives and use
> Nabble and similar only.
> Janko

Janko Mivšek
Smalltalk Web Application Server

More information about the Squeak-dev mailing list