On Tue, Oct 31, 2006 at 11:51:16PM -0700, Bruce Sass wrote: > > Decreasing the score at which we ignore messages is trivial, but it > > means increasing the number of false positives. [And because > > backscatter is bad, these will be messages which just "disappear", > > unless some (massochistic) person actually goes through the spam > > mailboxes.] > > Ya. I generally don't like anti-spam techniques because they require > either the sender or recipient to jump through hoops, or are prone to > false positives... but limiting interaction with the BTS to > pre-verified users (as requiring signed messages by DD's would do) is > an even smaller (as in harder to jump through) hoop than requiring a > specific, easily reproduced with any MUA, format for messages sent to > the BTS. When I have suggested that (sending signed messages to the BTS to be accepted for processing) it was a) for mails to -close or to control@b.d.o to prevent a spammer/malicious person from closing all the bugs or mangling with the BTS in such a way that would take us some effort to recover b) restricted to providing a signed mail, not necessarily with a signature in the DD keyring. (this could be added later on to prevent abuse, if needed be and could still have a 'whitelist' of valid keys which could include non-DDs) If there's a non-DD playing with the BTS (closing bugs or using control@) I guess it's not really too much to ask for them to use signed e-mails when fiddling with it. Is it? Regards Javier
Attachment:
signature.asc
Description: Digital signature