[vox] Re: spam control: send email to confirm

Micah J. Cowan vox@lists.lugod.org
Wed, 25 Jun 2003 19:32:41 -0700


On Wed, Jun 25, 2003 at 07:48:52PM -0700, Sam Peterson wrote:

> > But there really isn't any other way I can think of to confirm
> > e-mails reliably.
> 
> PGP/GPG but that's way too complicated a bag-o-worms to open up for
> mailing list subscriptions.

How would you use PGP to accomplish this? You could sign your request,
but you would need to have some way for the server to obtain a copy of
your public key, and verify that it is indeed the property of the
e-mail address claiming to own it. This is nearly impossible.

It could, of course, do a look-up in some public key servers for your
e-mail address, but of course it would be a simple matter for someone
to submit any arbitrary public key for the e-mail address in question,
if they don't exist, and then authenticate all they want.

Of course, the server could defend against this by sending an
auto-respond confirm request :-) :-) :-)

-Micah
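
The confirm request the message ends on, as an added example that is not part of the original post or of any list software: the server mails a token that only someone able to read that mailbox can send back. The names `SECRET`, `TTL`, `make_token` and `check_token` are hypothetical, and the addresses are constructed.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent out
TTL = 3 * 24 * 3600               # assumption: a confirm request is valid for 3 days


def _tag(address, list_name, expires):
    # JSON keeps the three fields unambiguous, so a crafted address
    # cannot shift bytes from one field into another.
    msg = json.dumps([list_name, address.lower(), expires]).encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=")


def make_token(address, list_name, now=None):
    """Token placed in the confirm mail sent to `address` only."""
    expires = int(time.time() if now is None else now) + TTL
    return f"{expires}.{_tag(address, list_name, expires).decode()}"


def check_token(token, address, list_name, now=None):
    """True only if the token was issued for this address and list and is unexpired."""
    now = int(time.time() if now is None else now)
    try:
        expires_s, tag = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return False  # malformed token
    if expires < now:
        return False  # confirm request has expired
    expected = _tag(address, list_name, expires)
    # Constant-time comparison avoids leaking the tag byte by byte.
    return hmac.compare_digest(tag.encode(), expected)


if __name__ == "__main__":
    t = make_token("sam@example.org", "vox")
    print(t, check_token(t, "sam@example.org", "vox"))
```

The token proves only that the reply came from someone who received the mail sent to that address, which is the property a key-server look-up cannot give.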