On 11/30/2010 06:48 AM, Tim wrote:
On Mon, 2010-11-29 at 19:17 -0600, Ranjan Maitra wrote:
> Is it that difficult to spoof an e-mail address and post pretending
> from there?
The current email systems don't have any way to enforce correct
identification of a sender. So you can write (almost) whatever you like
in the "from" address header. It may have to be potentially valid,
depending on the checks done by a mail server, but they only check that
the address is well-formed, not whether it's actually correct.
Mailers do actually have a way - DKIM does exactly that - so if we
required DKIM that would help.
Pros:
* Obvious
Cons:
* would limit posters to DKIM compliant mail (like gmail and
yahoo and those that turn it on). Not sure how much of a limitation this is?
* Some work to turn this on.
* the fedora-xxx mailers probably would also need to use DKIM
* the list server would need to made DKIM compliant (would
seem to be rude to require DKIM but not have list be DKIM compliant
after all !!)
* Resources - would there be interest enough and resources to
do this.
I believe it is a worthy goal ... LKML passes through a lot more spam
from what I see - which may suggest that the fedora list registration
process to post does add frictions for spammers in practice.
gene/