Hi - > Message-Id: <5.2.0.9.2.20021206132845.01b56f88@mira-sjcm-4.cisco.com> > Date: Fri, 06 Dec 2002 13:41:52 -0800 > To: "Hallam-Baker, Phillip" <pbaker@verisign.com> > From: Fred Baker <fred@CISCO.COM> > Subject: RE: namedroppers, continued > Cc: ietf@ietf.org, namedroppers@ops.ietf.org, iesg@ietf.org > In-Reply-To: <CE541259607DE94CA2A23816FB49F4A34D60B6@vhqpostal6.verisign > .com> ... > I would be in favor of that, personally, as long as we can ensure that the > appropriate signature facility (be it RSA, PGP, or whatever) is freely > available to all who need to use it. The issue here is not us corporate > types who have a business reason to buy the software, it is the students > who often lack the funds. The big issue would be the procedures for posting > one's key to the appropriate place - what is to stop a spammer from posting > a key and sending the spam anyway? I'm not proposing a mechanism, but > someone who is good at such things might well find it of value. ... At least for now, the stuff with forged addresses aimed at the IETF lists I handle can be stopped simply by blocking multipart/alternative, multipart/mixed, and text/html. Is this generally true, or am I working with a particularly old-fashioned subscriber base? On non-IETF lists I manage, I've had to permit these types, and resort to finer-grained (read costlier) spam-blocking measures. ------------------------------------------------------ Randy Presuhn BMC Software, Inc. SJC-1.3141 ------------------------------------------------------ My opinions and BMC's are independent variables. ------------------------------------------------------