[linux-elitists] e-mail scriptrollas

Karsten M. Self kmself@ix.netcom.com
Fri Sep 12 16:30:25 PDT 2003


on Fri, Sep 12, 2003 at 04:10:15PM -0700, Nick Moffitt (nick@zork.net) wrote:
> begin  Adam Kessel  quotation:
> > Good point, I should have thought of that. I suppose you'd then want a
> > whitelist of either email addresses or URL domain names. Maybe it gets
> > too complicated to be worth the trouble.
> 
> 	E-mail whitelists have always been useless, since e-mail
> headers are inherently forgeable.

Amusing in that I'm writing an article on the faults of C-R
(challenge-response) as I read this.

Whitelists aren't fully useless -- used in a multifactor, weighted
assessment, they can be used with some level of usefulness.  Strong
assurance requires strong authentication -- GPG, PGP, or S/MIME
signatures, for example.

Applying a URL fetch to selected mail, after AV and spam filtering,
might have some merits.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    Defeat EU Software Patents!                         http://swpat.ffii.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20030913/638d55d9/attachment.pgp 


More information about the linux-elitists mailing list