[Mailman-Users] How do the spammers do it?
Brad Knowles
brad at stop.mail-abuse.org
Mon May 16 16:20:21 CEST 2005
At 2:37 PM +0200 2005-05-16, Christophe Meessen wrote:
>> If the signature is automatically generated by the MUA, then the
>> trojans/spybots can make use of this and still get through. The only
>> way you can make this work is if you require actual human intervention
>> on the part of the sender,
>
> That's true and is also the normal working model for signed messages.
Not with the plug-ins I've seen. They work to make cryptographic
signatures as simple and easy to use as possible, which means that
there must be absolutely no additional user involvement required.
>> and that would probably also require human intervention on the part
>> of the mailing list administrator -- for each and every message.
>
> That's not true. A mail signature is basically a hash value encrypted
> with a secret key.
I am quite well acquainted with the nature of public key
encryption. I've been using PGP since before the 2.6 days, I donated
money to Phil for his defense, and I personally know Mike Elkins (the
guy who wrote the PGP/MIME RFC, as well as the principal author of
mutt, the premier PGP/MIME MUA).
I don't use PGP today because it's too much of a pain to
integrate with my MUA of choice on my platform of choice, although I
am always close to being pushed over the edge to moving all ten-plus
GB of my mail archives over to mutt, because I've been forced to futz
around with this damn program one too many times.
The problem is that if the crypto signature on the client side
does not forcibly require the user to manually intervene and sign
each and every message, then in order to achieve the result you're
looking for you will instead force the list moderator to manually
intervene and personally check and approve each and every message.
> Whenever this user sends a signed mail to the list you use his public
> key to decode the hash value and check the mail integrity. If it's
> valid you may forward it to the list. The signature can be removed if
> desired. This would protect the list from forged mails.
But it wouldn't protect us at all against Sober.Q or whatever the
latest variant is, since they already have complete control over the
users MUA and they can send out millions of messages as being "from"
that user, including all necessary cryptographic signatures.
> For lists that don't require subscription, there is no way to make
> a difference with spammers and normal users.
The problem is far more complex (and worse) than that. Even for
lists that do require subscriptions, there is no way you can reliably
tell the difference between a legitimate mail message and spam,
regardless of whether or not it was spoofed.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the Mailman-Users
mailing list