Kevin Brown wrote:

>>>> Hmmm... So how will sharing public keys stop spammers from using your
>>>> (or the list's) email address?
>>>
>>> I was thinking about this the other day. Would it be possible to make a
>>> secure mailing list?
>>
>
> Sounds less like an issue with an insecure mailing list than just a
> mail with a forged from header.
>
>>> So let's say that the list had a GPG key, and all the users had GPG
>>> keys. Now if the user, when sending an e-mail to the list, used the
>>> list's key and encrypted the message with that key. Then, when the list
>>> manager got the message, it decrypted it, checked the signature, and
>>> then reencrypted it to all the users on the list. (I'm assuming
>>> everyone sends their public key as part of the mailing list sign up)
>>>
>>> Would that be a secure list?
>>
>
> Secure, yes, good for the mail server, probably not as the load on the
> server would be much higher.
>
>> How would one browse the archives of encrypted messages?
>
> One couldn't without the server's private key.
>
>> Another question it made me think of is would this prevent spammers from
>> stealing email addresses?
>
> It wouldn't and doesn't stop them from using the list address as the
> reply-to (same thing with worms and viruses as they also forge headers).
>
>> I'm thinking the encryption is only done on the message content, would
>> someone please correct me if I'm mistaken?
>
> Correct as the other mail servers have to know how to route the
> message and they can't do that on encrypted headers.
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>

Perhaps I should make this a separate thread; however, I feel the need to bring this up. The open source community is going to have to address these concerns before M$ does. If we do it, we have a small chance of keeping the standards open; if M$ comes up with a viable (or even believable) solution before we do, we can say goodbye to an open internet.

Every day now I receive bounce mail that I never sent out. I have to assume that some spam list somewhere is sending spam out claiming to be from me. We have to be able to stop that. It shouldn't be too hard to create a mailing list that only allows signed messages though. But perhaps we should be thinking on a grander scale: how about a mail server that only routes GPG-signed msgs? How about a mail filter that puts all unsigned messages in a separate folder?

None of the current issues with mail are really big. In fact I believe the technology is mostly there already, but if we don't put them all together (think napster) M$ is going to hijack the web.

--
Carl Parrish (cparrish@carlparrish.com)
http://www.carlparrish.com
--
Registered Linux User #295761 http://counter.li.org
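The filter idea from the message above (unsigned mail goes to a separate folder), as an added example that is not part of the original post. It only sorts on the structure of the message; the folder names and sample messages are constructed, and a message that lands in the signed folder still has to be checked with `gpg --verify` against the sender's public key before it is trusted.

```python
import email
from email import policy

INLINE_BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_BEGIN = "-----BEGIN PGP SIGNATURE-----"

def signature_kind(raw: bytes) -> str:
    """Classify a raw message as 'pgp-mime', 'inline' or 'none' (structure only)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() == "multipart/signed":
        proto = str(msg.get_param("protocol", "")).lower()
        parts = list(msg.iter_parts())
        # RFC 3156 layout: exactly two parts, the second being the detached signature.
        if (proto == "application/pgp-signature" and len(parts) == 2
                and parts[1].get_content_type() == "application/pgp-signature"):
            return "pgp-mime"
        return "none"
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            text = part.get_content().lstrip()
            # Require the armor header at the top, so a quoted signed block does not count.
            if text.startswith(INLINE_BEGIN) and SIG_BEGIN in text:
                return "inline"
    return "none"

def choose_folder(raw: bytes) -> str:
    """Folder names are hypothetical. The From header is never consulted: it is forgeable."""
    return "Unsigned" if signature_kind(raw) == "none" else "Signed-unverified"

# Constructed sample messages (signature bodies are placeholders, not real signatures).
PGP_MIME = (b"From: alice@example.org\nSubject: hi\nMIME-Version: 1.0\n"
            b"Content-Type: multipart/signed; micalg=pgp-sha256;\n"
            b' protocol="application/pgp-signature"; boundary="b1"\n\n'
            b"--b1\nContent-Type: text/plain\n\nhello list\n"
            b"--b1\nContent-Type: application/pgp-signature\n\n"
            b"-----BEGIN PGP SIGNATURE-----\n\nPLACEHOLDER\n-----END PGP SIGNATURE-----\n"
            b"--b1--\n")
INLINE = (b"From: bob@example.org\nSubject: hi\n\n"
          b"-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nhello list\n"
          b"-----BEGIN PGP SIGNATURE-----\n\nPLACEHOLDER\n-----END PGP SIGNATURE-----\n")
FORGED = b"From: carl@example.org\nSubject: offer\n\nbuy now\n"
QUOTED = (b"From: dave@example.org\nSubject: re\n\n"
          b"> -----BEGIN PGP SIGNED MESSAGE-----\n> hello\n> -----BEGIN PGP SIGNATURE-----\n")

if __name__ == "__main__":
    for name, raw in [("pgp-mime", PGP_MIME), ("inline", INLINE),
                      ("forged", FORGED), ("quoted", QUOTED)]:
        print(name, "->", choose_folder(raw))
```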