
Re: More problems with Debian and list SPAM



I demand that Manfred Wassmann may or may not have written...

> Herbert Xu <herbert@gondor.apana.org.au> writes:
>> Manfred Wassmann <manolo@ncc-1701.b.shuttle.de> wrote:
>>> IMHO it doesn't make much sense to close the lists as long as they are
>>> available in full detail through the web interface.  If you want to spam
>>> the list you can get as many valid sender addresses as you like.
>> Nope, emails sent directly can be easily filtered out.
>> If this is implemented, then it should be done for all @debian.org emails.

> Hmm, either me or you didn't get the point here.  What I was pointing at is
> that whitelist filtering may be easily bypassed if the email addresses on
> the whitelist are spread all over the web.

> Just google for some message that appeared on a debian list, take the
> sender address and use it as the fake sender of your spam.

Parse the Received headers, stopping when there are no more headers to check
or a sending machine is found which matches or is the MX for the hostname
given in the envelope sender address?

Of course, people may wish to provide a different envelope sender address,
and there's the processing overhead... and this can be skipped entirely if
there is a valid signature from a Debian developer or, possibly, one for whom
a trust path to a Debian developer can be established.

Overkill? You decide :-)

-- 
| Darren Salt       | nr. Ashington, | linux (or ds) at
| Linux PC, Risc PC | Northumberland | youmustbejoking
| No Wodniws here   | Toon Army      | demon co uk
|   Not a Debian developer, but should probably become one

Warning: Windows 98 nearly installed. (R)estart, (I)gnite, (C)rash?
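
The Received-header check proposed in the message above, sketched as an added example that is not part of the original post. The sample message, all hostnames, the `MX_TABLE` stand-in for a DNS MX query, and the `max_hops` bound are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample message; hostnames and addresses are illustrative only.
SAMPLE = """\
Received: from murphy.debian.example (murphy.debian.example [192.0.2.10])
\tby lists.example.org with ESMTP; Mon, 1 Jan 2001 12:00:02 +0000
Received: from mail.shuttle.example (mail.shuttle.example [198.51.100.7])
\tby murphy.debian.example with ESMTP; Mon, 1 Jan 2001 12:00:01 +0000
Received: from localhost (localhost [127.0.0.1])
\tby mail.shuttle.example with ESMTP; Mon, 1 Jan 2001 12:00:00 +0000
From: someone@host.shuttle.example
Subject: test

body
"""

# Constructed MX table standing in for DNS (assumption: a real deployment
# would query the MX records of the envelope sender's domain here).
MX_TABLE = {"host.shuttle.example": {"mail.shuttle.example"}}

def lookup(domain):
    return MX_TABLE.get(domain, set())

# The name after "from" is the one the sending machine announced.
FROM_HOST = re.compile(r"^\s*from\s+([A-Za-z0-9.-]+)", re.IGNORECASE)

def received_hosts(raw_message):
    """Return the 'from' hostnames of the Received headers, newest first."""
    msg = message_from_string(raw_message)
    hosts = []
    for value in msg.get_all("Received", []):
        m = FROM_HOST.match(value)
        if m:
            hosts.append(m.group(1).lower().rstrip("."))
    return hosts

def sender_matches_path(raw_message, envelope_sender, mx_lookup, max_hops=None):
    """True if a sending machine is the envelope sender's host or one of its MXs."""
    domain = envelope_sender.rsplit("@", 1)[-1].lower().rstrip(".")
    accepted = {domain} | {h.lower().rstrip(".") for h in mx_lookup(domain)}
    # Walk newest to oldest; stop at the first match or when headers run out.
    for host in received_hosts(raw_message)[:max_hops]:
        if host in accepted:
            return True
    return False
```

Only the Received lines written by machines you operate are reliable; everything below them arrives as part of the message, which is why `max_hops` lets the walk be limited to trusted hops.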


