RE: namedroppers, continued

[Randy Presuhn <rpresuhn at dorothy.bmc.com>]

Hi -

> Message-Id: <5.2.0.9.2.20021206132845.01b56f88 at mira-sjcm-4.cisco.com>
> Date: Fri, 06 Dec 2002 13:41:52 -0800
> To: "Hallam-Baker, Phillip" <pbaker at verisign.com>
> From: Fred Baker <fred at CISCO.COM>
> Subject: RE: namedroppers, continued
> Cc: ietf at ietf.org, namedroppers at ops.ietf.org, iesg at ietf.org
> In-Reply-To: <CE541259607DE94CA2A23816FB49F4A34D60B6 at vhqpostal6.verisign
>  .com>
...
> I would be in favor of that, personally, as long as we can ensure that the 
> appropriate signature facility (be it RSA, PGP, or whatever) is freely 
> available to all who need to use it. The issue here is not us corporate 
> types who have a business reason to buy the software, it is the students 
> who often lack the funds. The big issue would be the procedures for posting 
> one's key to the appropriate place - what is to stop a spammer from posting 
> a key and sending the spam anyway? I'm not proposing a mechanism, but 
> someone who is good at such things might well find it of value.
...

At least for now, the stuff with forged addresses aimed at
the IETF lists I handle can be stopped simply by blocking
multipart/alternative, multipart/mixed, and text/html.
Is this generally true, or am I working with a particularly
old-fashioned subscriber base?

On non-IETF lists I manage, I've had to permit these types, and
resort to finer-grained (read costlier) spam-blocking measures.

 ------------------------------------------------------
 Randy Presuhn          BMC Software, Inc.  SJC-1.3141
 ------------------------------------------------------
 My opinions and BMC's are independent variables.
 ------------------------------------------------------