ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] A method to eliminate spam

2003-03-17 12:08:12
from [Valdis . Kletnieks] [Permanent Link] 
On Mon, 17 Mar 2003 12:39:09 CST, meor(_at_)mail(_dot_)SoftHome(_dot_)net  said:
 

I had to send and receive 3 E-Mails to sign up for this list.  If the 
proposed method was implemented, only one would have to be sent.  The one 
E-Mail would add the list's public key to my white list(implicitly by 
sending them an E-Mail), and the list owner would know that I signed up for 
it(no one signed me up for it out of spite), because of my public key.


This assumes the existence of a PKI.   Without that, it's fairly trivial
for me to crank out a bogus digital signature claiming to be from
meor(_at_)mail(_dot_)softhome(_dot_)net and forge subscriptions for you.  And 
without any
mailback confirmation, you'd not even know what happened until you started
getting 300+ pieces of mail a day from linux-kernel mailing list. ;)

Yes, a self-signed cert *will* prove that two somethings have the same source,
but that doesn't help in trying to confirm a subscription to an e-mail list...

Attachment: pgpUG80UHRgKR.pgp
Description: PGP signature

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] A method to eliminate spam, meor
Next by Date:  [Asrg] Giving Public Notice ...., Art Pollard
Previous by Thread:  Re: [Asrg] A method to eliminate spam, meor
Next by Thread:  Re: [Asrg] A method to eliminate spam, meor
Indexes:  [Date] [Thread] [Top] [All Lists]