[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: forgeries increasing
From: |
Jim Meyering |
Subject: |
Re: forgeries increasing |
Date: |
Thu, 31 Jan 2008 15:20:01 +0100 |
address@hidden (Bob Proulx) wrote:
> Forgeries are getting more common. Take this one for example.
>
> http://lists.gnu.org/archive/html/info-cvs/2008-01/msg00103.html
>
> The message is using a forged address from a poster who has several
> other in that same thread. The forged message came in through a news
> to mail gateway. Actual messages from that poster are being sent by
> email. By looking at the message headers it is easy to see that these
> messages are coming from different senders. But because the forged
> address was subscribed to the mailing list it was passed through
> without any check.
>
> Here are several more examples:
>
> http://lists.gnu.org/archive/html/info-cvs/2008-01/msg00088.html
> http://lists.gnu.org/archive/html/info-cvs/2008-01/msg00090.html
> http://lists.gnu.org/archive/html/info-cvs/2008-01/msg00091.html
> http://lists.gnu.org/archive/html/info-cvs/2008-01/msg00093.html
> http://lists.gnu.org/archive/html/info-cvs/2008-01/msg00098.html
>
> All of these look to have come through a news gateway.
Hi Bob,
In case this ever becomes a big enough problem:
maintain a profile for each subscriber, and when s/he posts
with a significantly different header "signature" (i.e., derived
from some amalgam of fields like Message-Id, Received: etc.), then
require a delay or manual approval.
Obviously, there's the small matter of coding, not to mention
coming up with a good heuristic for determining what "significantly
different" should mean.
And of course, you can skip the check if a message is signed,
or if headers themselves can be authenticated.
I suspect this is nothing new, and I know spamassassin provides
a way to do some of this manually. Anyone know of code to do it
automatically?