On Mon, 22 Mar 2004, Dennis Boone wrote: > Like a lot of folks I suppose, we're fighting the issue of forged from > addresses and list posting, caused mostly by the spam and virus plague. > For now, the solution is obvious if tedious: use "send= blah,confirm". > > I'm wondering if there's any support planned for letting posters > (or editors or ...) sign messages using public-key schemes. This would > let us go back to single phase posting, getting a large number of > people off my back. (:-) We've implemented a private key system for two of our announce-only lists. What we are doing would not be feasible for a larger list -- but it works. The process is easy enough: The originating system generates e-mail and adds special headers with a copy of the sender's public key and a cryptographic header (encoded with the sender's private key and the public key for the list and based on parts of the message). The receiving system passes the email through a filter that checks for the special header and matches it against the proper parts of the message using the private key for the list and the public key from the sender. If it fails, the message is silently dropped. If it clears, the filter removes the special headers and passes it off to LISTSERV. It works great -- no spam messages or other spurious messages to the list to the list maintainer, no need for any verification or validation. Users can't see anything, so no questions about "funny headers." On the negative side, I am not allowed to share code beyond what I've written above. PK is a great idea, but it would be tremendously difficult to do with a large list and a variety of people contributing. It's much more easily done when you have something like an announce list. -- DCP