[linux-elitists] e-mail scriptrollas
Karsten M. Self
Fri Sep 12 16:30:25 PDT 2003
on Fri, Sep 12, 2003 at 04:10:15PM -0700, Nick Moffitt (firstname.lastname@example.org) wrote:
> begin Adam Kessel quotation:
> > Good point, I should have thought of that. I suppose you'd then want a
> > whitelist of either email addresses or URL domain names. Maybe it gets
> > too complicated to be worth the trouble.
> E-mail whitelists have always been useless, since e-mail
> headers are inherently forgeable.
Amusing in that I'm writing an article on the faults of C-R
(challenge-response) as I read this.
Whitelists aren't fully useless -- used in a multifactor, weighted
assessment, they can be used with some level of usefulness. Strong
assurance requires strong authentication -- GPG, PGP, or S/MIME
signatures, for example.
Applying a URL fetch to selected mail, after AV and spam filtering,
might have some merits.
Karsten M. Self <email@example.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
Defeat EU Software Patents! http://swpat.ffii.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20030913/638d55d9/attachment.pgp
More information about the linux-elitists