Genes MailLists lists at sapience.com
Tue Nov 30 12:44:19 UTC 2010


On 11/30/2010 06:48 AM, Tim wrote:
> On Mon, 2010-11-29 at 19:17 -0600, Ranjan Maitra wrote:
>> Is it that difficult to spoof an e-mail address and post pretending
>> from there?
> 
> The current email systems don't have any way to enforce correct
> identification of a sender.  So you can write (almost) whatever you like
> in the "from" address header.  It may have to be potentially valid,
> depending on the checks done by a mail server, but they only check that
> the address is well-formed, not whether it's actually correct.


  Mailers do actually have a way - DKIM does exactly that - so if we
required DKIM that would help.

  Pros:
          * Obvious


  Cons:
          *  would limit posters to DKIM compliant mail (like gmail and
yahoo and those that turn it on). Not sure how much of a limitation this is?

          * Some work to turn this on.

          * the fedora-xxx mailers probably would also need to use DKIM

          * the list server would need to made DKIM compliant (would
seem to be rude to require DKIM but not have list be DKIM compliant
after all !!)

          * Resources - would there be interest enough and resources to
do this.

  I believe it is a worthy goal ... LKML passes through a lot more spam
from what I see - which may suggest that the fedora list registration
process to post does add frictions for spammers in practice.



  gene/






More information about the users mailing list