ietf-mailsig

Re: Why we don't require requirements

2004-10-01 12:52:52

In 
<Pine(_dot_)LNX(_dot_)4(_dot_)44(_dot_)0410011107210(_dot_)684-100000(_at_)sokol(_dot_)elan(_dot_)net>
 "william(at)elan.net" <william(_at_)elan(_dot_)net> writes:

> On 1 Oct 2004, John Levine wrote:
>
>> and (debatably)
>> doesn't have to survive all of the mangling that might happen to
>> messages as they pass through mailing lists and the like.
>
> This I STRONGLY STRONGLY disagree. The system MUST be able to work
> within current email infrastructure and not break it. That means
> the signature must survive emails and forwarders and all other common
> email retransmission systems.

Isn't this kind of a fundamental catch-22?

If you allow someone to send from their Yahoo account to a mailing
list, allow the mailing list to add their garbage onto the end, and
still have the message verified, what is stopping a spammer from
creating a "mailing list" with all 50 million "verified opt-in email
accounts" that adds their spam on the end?

If a spammer can send a single email from their throw-away Yahoo
account to their "mailing list" and still have it blessed as coming
from Yahoo, what good is it?

If you lock down the signature system tight enough that spammers can't
abuse it, then it will break mailing lists.


I think this is the reason why John said that this is debatable.



-wayne

