[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Lots of (easily recognisible) spam sent to the BTS today

On Tue, Oct 31, 2006 at 11:51:16PM -0700, Bruce Sass wrote:
> > Decreasing the score at which we ignore messages is trivial, but it
> > means increasing the number of false positives. [And because
> > backscatter is bad, these will be messages which just "disappear",
> > unless some (massochistic) person actually goes through the spam
> > mailboxes.]
> Ya. I generally don't like anti-spam techniques because they require 
> either the sender or recipient to jump through hoops, or are prone to 
> false positives... but limiting interaction with the BTS to 
> pre-verified users (as requiring signed messages by DD's would do) is 
> an even smaller (as in harder to jump through) hoop than requiring a 
> specific, easily reproduced with any MUA, format for messages sent to 
> the BTS.

When I have suggested that (sending signed messages to the BTS to be
accepted for processing) it was 

a) for mails to -close  or to control@b.d.o to prevent a spammer/malicious
   person from closing all the bugs or mangling with the BTS in such a way
   that would take us some effort to recover

b) restricted to providing a signed mail, not necessarily with a signature in
   the DD keyring. (this could be added later on to prevent abuse, if needed
   be and could still have a 'whitelist' of valid keys which could include
If there's a non-DD playing with the BTS (closing bugs or using control@) I
guess it's not really too much to ask for them to use signed e-mails when
fiddling with it. Is it?



Attachment: signature.asc
Description: Digital signature

Reply to: