RE: namedroppers, continued

Hi -

> Message-Id: 
> <5(_dot_)2(_dot_)0(_dot_)9(_dot_)2(_dot_)20021206132845(_dot_)01b56f88(_at_)mira-sjcm-4(_dot_)cisco(_dot_)com>
> Date: Fri, 06 Dec 2002 13:41:52 -0800
> To: "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com>
> From: Fred Baker <fred(_at_)CISCO(_dot_)COM>
> Subject: RE: namedroppers, continued
> Cc: ietf(_at_)ietf(_dot_)org, namedroppers(_at_)ops(_dot_)ietf(_dot_)org, 
> iesg(_at_)ietf(_dot_)org
> In-Reply-To: 
> <CE541259607DE94CA2A23816FB49F4A34D60B6(_at_)vhqpostal6(_dot_)verisign
>  .com>
...
> I would be in favor of that, personally, as long as we can ensure that the 
> appropriate signature facility (be it RSA, PGP, or whatever) is freely 
> available to all who need to use it. The issue here is not us corporate 
> types who have a business reason to buy the software, it is the students 
> who often lack the funds. The big issue would be the procedures for posting 
> one's key to the appropriate place - what is to stop a spammer from posting 
> a key and sending the spam anyway? I'm not proposing a mechanism, but 
> someone who is good at such things might well find it of value.
...

At least for now, the stuff with forged addresses aimed at
the IETF lists I handle can be stopped simply by blocking
multipart/alternative, multipart/mixed, and text/html.
Is this generally true, or am I working with a particularly
old-fashioned subscriber base?

On non-IETF lists I manage, I've had to permit these types, and
resort to finer-grained (read costlier) spam-blocking measures.

 ------------------------------------------------------
 Randy Presuhn          BMC Software, Inc.  SJC-1.3141
 ------------------------------------------------------
 My opinions and BMC's are independent variables.
 ------------------------------------------------------