[squeak-dev] Apology for offensive spam on annoncements list

Janko Mivšek janko.mivsek at eranova.si
Mon Jan 26 11:09:33 UTC 2009


Another measure would be to authenticate e-mail sent to the lists more
strongly, with signing it with PGP or S/MIME (digital certs). Signed
emails would be tagged as completely trusted, while others would go to a
moderation list, or just tagged as untrusted.

This requires additional discipline from us the senders of email of
course and this is a major drawback of this approach. But it seems we
will soon be forced to do that otherwise not too hard additional setup
of our mail clients to support PGP or S/MIME mail signing.

On the server side there is a project underway to upgrade Mailman list
server (which we are using) to support such authentication:


Secure List Server: Mailman, PGP and S/MIME
http://non-gnu.uvt.nl/mailman-ssls/pgp-smime/talk/mailman-pgp-smime-talk.txt
The Secure List Server: an OpenPGP and S/MIME aware Mailman
http://non-gnu.uvt.nl/mailman-pgp-smime/


Best regards
Janko

Janko Mivšek pravi:
> Rob Rothwell pravi:
>> +1
>>
>> Any way to just block the current offender and not change to constant
>> monitoring?  This is the first time I have seen something like this in
>> years, so maybe it just isn't that big of a deal right now...
> 
> Problem is that the offender impersonated regularly subscribed guys in
> his spam, so he didn't need even to subscribe to the list.
> 
> For this he needed to find the e-mails of our guys. I suspect that he
> found their e-mails from list archives. Default Mailman list archives
> namely contain e-mail addresses while archives like Nabble not.
> 
> One of solution is therefore to switch off Mailman archives and use
> Nabble and similar only.
> 
> Janko



-- 
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si



More information about the Squeak-dev mailing list