At 08:07 AM 11/2/2004 +0000, David Woodhouse wrote:
On Mon, 2004-11-01 at 17:18 -0800, Jim Fenton wrote:
Because then I could take the message signed by the mailing list and
replay it to a whole lot of people that aren't subscribed to the
mailing list, as well.
True. I can see what I could do with the message. I just don't see why I
should be excited :)
In the worst case, the mailing list isn't checking for mailsig
signatures, and will accept mail 'From:' any address you offer. Assuming
you can get past any other spam filtering, you then get your message
signed by the list as a Sender: address.
Presumably the idea is that such a Sender-signed mail will be more
likely to get accepted by your spamees than a mail with some other
Sender: address.
But surely that's only true if the Sender: address of the list has a
_good_ reputation? And in this case -- a list which doesn't check
mailsig signatures on the way in and has other anti-spam measures which
are weak enough to let your spam through -- the list isn't going to
_have_ such a good reputation?
That's a better way of stating the point I was trying to make earlier regarding
signing options for mailing lists. The lists will want to be careful about
what they sign. Unless the list limits posting privileges to list members (and
perhaps even if it does), putting a mailing list behind a mailsig-aware MTA is
likely to cause the list to sign unauthorized messages by default.
-Jim