[Mailman-Developers] Opening up a few can o' worms here...

[J C Lawrence]

On Tue, 16 Jul 2002 18:55:52 -0400 
Jay R Ashworth <jra@baylink.com> wrote:
> On Tue, Jul 16, 2002 at 10:58:00AM -0700, Chuq Von Rospach wrote:

> Automatically verifying PGP sigs as a whitelisting technique is merely
> one approach that springs to mind.  There are many more.

Nothing prevents SPAMmers from creating endless addresses and GPG keys
which they register with the various key servers, and they will once
that barrier becomes popular enough to notice.

> Yeah, but the Outhouse and OE teams aren't ever going there, and
> they're your problem.

No, they're merely the most visible manifestation.  Address collection
by MUAs is not new, and most of the other big Windows MUAs either do it
as well, or can be relied upon adding that feature in the next 18
months.

> Do you have documentary evidence, Chuq, that web harversters are the
> *only* way that *a majority* of the spam-complainers addresses could
> have gotten on those lists?  Have you created test-accounts?  Not 1 or
> 2; a couple dozen, in different places?

I've created a set of addresses on Kanga.Nu which pipe direct into
razor-report.  Those addresses are __ONLY__ visible on the relevant web
pages.  Each of them gets an average of 10 SPAM a day -- and those
addresses are less than 6 months old.

-- 
J C Lawrence                
---------(*)                Satan, oscillate my metallic sonatas. 
claw@kanga.nu               He lived as a devil, eh?		  
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.