[cairo] RE: You have been unsubscribed from the cairo-announce
mailing list
Nathaniel Gray
n8gray at caltech.edu
Fri Nov 3 14:08:10 PST 2006
Carlo Wood wrote:
> On Fri, Nov 03, 2006 at 10:03:50AM -0800, Ralph Giles wrote:
>> We don't have to clean the spam filters anymore, but only the core
>> developers can remember how to post to the lists, so it effectively
>> killed outside traffic. I don't recommend it.
>
> I didn't say that one should stop mail that DON'T have the extra
> header. Do it like it is now (you need to subscribe to post),
> but also allow mail from non-subscribers if they have some well-known
> header that works for every mailinglist in the world (assume that
> could be organised).
If it's the same for every mailing list in the world it'll be
compromised quickly. If you don't believe me, let me tell you a story.
I have a little low-traffic blog (www.n8gray.org) and I figured using
a simple keyword "Turing test" would be enough to keep spammers away.
To post a comment you needed to analyze something like:
"To post a comment, put the first word of the following sentence in
this field: 'Turing was a great mathematician.'"
I even stuck some non-displaying html into "Turing" to make it harder to
harvest by bots. Nonetheless, I got spammed. If somebody went to the
trouble of figuring out how to spam my nothing blog you can bet your
bottom dollar they'll figure out the keyword to unlock every mailing
list in the world!
I like the crypto-signing option because it leaves open options for
building a real web of trust. e.g. If you've signed with a key stored
on server foo then you're allowed to post anywhere in the world. Plus
most mailers offer some way to cryptographically sign mail.
Cheers,
-n8
--
>>>-- Nathaniel Gray -- Caltech Computer Science ------>
>>>-- Mojave Project -- http://mojave.cs.caltech.edu -->
More information about the cairo
mailing list