[Gllug] Spammers
Peter Childs
blue.dragon at blueyonder.co.uk
Tue Sep 23 15:25:10 UTC 2003
On Tue, 23 Sep 2003, Jason Clifford wrote:
> On Tue, 23 Sep 2003, Tim Gray wrote:
>
> > <CREATURE TYPE="CAT" LOCATION="AMONGST PIGEONS">
> > Personally I'd like to see mandatory certificates for SMTP servers, at
> > least it would be more difficult to stop spammers using your email address.
> > </CREATURE>
>
> If such a system were in place all that would be needed to circumvent it
> would be for a certificate agency to either go rogue (think verisign right
> now!) or be bought out by a spammer or for a spammer to obtain a root or
> high level certificate.
>
> Then because all the MTA's would trust the certificate implicitely all
> protection would be gone.
>
> As it stands there is no reason to trust any server connecting to your box
> so you put in place such policies to limit the risk as you think
> reasonable.
>
> This is not something I think can be mandated with any real success. It's
> the same arguement as per id cards.
>
> Jason Clifford
>
but if everyone shows there certificate you can always revoke that
certificate. If the agecy goes rogue you just revoke that agecy. Think
unique id's not. If you think somone else is using your certifacate CHANGE
IT.
Peter Childs
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list