Re: [Full-Disclosure] Mailing lists and unsolicited/malicious spam

Valdis.Kletnieks_at_vt.edu
Date: 11/27/04

  • Next message: kf_lists: "Re: [Full-Disclosure] To anybody who's offended by my disclosure policy"
    To: n3td3v <xploitable@gmail.com>
    Date: Fri, 26 Nov 2004 18:21:49 -0500
    
    
    

    On Fri, 26 Nov 2004 16:51:27 GMT, n3td3v said:

    > I was thinking, why are all e-mail addresses not encrypted as soon as
    > they leave the authors mail client, surely this would stop anyone
    > seeing the address, apart from the mail client at the other end the
    > message was intended for. And when a user mails a mailing list the
    > e-mail address could be read by the mailing list software, but stays
    > encrypted for the broadcast out to the subscribers of the list.

    The biggest problem here is that "reply" breaks.

    The less obvious problem is that you are implying a way for the mailing
    list software to decrypt the address, but *not* allow a spammer to decrypt
    the address. The only obvious solution for *that* is to encrypt to the
    public key of the mailing list (forget a "shared secret" scheme, that won't
    scale at all). This however implies that your MUA knows about the public
    keys for all lists you post to (which also means that you can't send e-mail
    from a internet cafe or any machine that doesn't know what lists you are on).

    An even less obvious problem is that you lose all cross-list identity - perhaps
    'n3d3v' only posts to F-D, but I post to a number of lists, and a large number
    of people read my postings on multiple lists. As such, things like "Oh, he's
    the guy who posts clued stuff on NANOG" or "Oh, that's Harlan Carvey, he has a
    clue over on that other list" are difficult to correlate across lists....

    (It cuts both ways - it also means that you have to re-learn that a given user
    is a total idiot over and over, once for each list, rendering kill files much
    less useful...)

    I'm sure if I think some more, I'll spot some more problems.. :)

    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html



  • Next message: kf_lists: "Re: [Full-Disclosure] To anybody who's offended by my disclosure policy"

    Relevant Pages

    • Re: Evolution and Seahorse playing together
      ... No, Evolution is a mail client, this is a PGP/GPG issue. ... is how most mail clients will find the right key to encrypt a message ... A user should set up their public key with the addresses it'll ... I read messages from the public lists. ...
      (Fedora)
    • Re: Mailing list "reply-to" setting
      ... If you need subject line tags, or your mail client doesn't properly know how to respond only to the list, or whatever -- please go work that out on your own. ... While on inbox I filter by looking at the tags. ... over 50 mailing lists and this is the only one which does not tag the ...
      (comp.protocols.dns.bind)
    • Re: post within a thread when using digest mode? [was: fedora-list Digest, Vol 2, Issue 17]
      ... Well that _MAY_ depend on your mail client. ... I can tell because if I turn on full header mode and look at my ... to put the lists address in your address book and start a new message ... Perhaps one of the threaded list readers would like to help you figure ...
      (Fedora)
    • Re: Scared by the high traffic in the maillist
      ... I think you'd need to have a very poor mail client, in the first place, ... to make it more convenient to use the mess that's a digest post instead ... To be honest, for high volume message lists, news groups are the best. ... them), ignore and watch threads, and, probably most importantly, be able ...
      (Fedora)
    • Re: [PHP] PHP RFC # 0001 --- List Etiquette [SOLVED]
      ... computer related mailing lists like this for years. ... Please fix your mail client or use a better one! ... Obviously not all of them can be enforced strictly (like the disclaimer ... Get more useful archives ...
      (php.general)