I just got a bounce that the other topic was locked. I'd like to
recommend the use of cryptographic signatures as a means to be
reasonably assured of the sender's legitimacy.

The recent thread is all the more reason to use tools such as
cryptographic signatures where possible, IMO. Unfortunately, some
amateur radio mailing lists block signed messages and I must send
messages to those lists in the clear (all of the Linux related lists I
subscribe to accept signed messages). Now, a cryptographic signature
does not prevent someone from spoofing my email address, but if it's a
direct mail from me and it's not signed like this one is, then the
recipient can be assured that it wasn't from me.

The spoofing of email addresses is a problem but it doesn't necessarily
mean that an account was cracked. However, when using a cryptographic
signature, the spoof is easily identified as the spoofer should not have
access to the private key used to sign the email nor should he know the
password to unlock the private key for signing. An email client program
will check the signed message against the public key which is often
available from a public key server and verify the signature.

"The optimist proclaims that we live in the best of all
possible worlds. The pessimist fears this is true."
Web: https://www.n0nb.us GPG key: D55A8819 GitHub: N0NB
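
An added example, not part of the original message: a receiving-side triage of the rule described above, where unsigned direct mail from a correspondent who always signs is treated as suspect, and anything carrying an OpenPGP signature is passed on for real verification against the sender's public key. The addresses, the `ALWAYS_SIGNS` set, the function names and the sample messages are all constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumption: correspondents known to sign every direct mail they send.
ALWAYS_SIGNS = {"alice@example.org"}
INLINE_MARK = "-----BEGIN PGP SIGNED MESSAGE-----"

def signature_kind(msg):
    """Return 'pgp-mime', 'inline' or None for a parsed message."""
    if (msg.get_content_type() == "multipart/signed"
            and msg.get_param("protocol") == "application/pgp-signature"):
        parts = msg.get_payload()
        if (isinstance(parts, list) and len(parts) == 2 and
                parts[1].get_content_type() == "application/pgp-signature"):
            return "pgp-mime"
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and body.get_content().lstrip().startswith(INLINE_MARK):
        return "inline"
    return None

def triage(raw):
    """Classify a raw message as 'verify', 'suspect' or 'unknown'."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if signature_kind(msg):
        # Structure alone proves nothing: the signature must still be
        # checked against the sender's public key (e.g. `gpg --verify`).
        return "verify"
    return "suspect" if sender in ALWAYS_SIGNS else "unknown"

# Constructed sample messages; the signature bodies are placeholders.
HDR = "From: Alice <alice@example.org>\nTo: list@example.net\nSubject: hi\n"
UNSIGNED = HDR + "Content-Type: text/plain\n\nhello\n"
INLINE = (HDR + "Content-Type: text/plain\n\n" + INLINE_MARK +
          "\nHash: SHA256\n\nhello\n-----BEGIN PGP SIGNATURE-----\n"
          "(placeholder)\n-----END PGP SIGNATURE-----\n")
PGP_MIME = (HDR + 'MIME-Version: 1.0\nContent-Type: multipart/signed; '
            'protocol="application/pgp-signature"; micalg=pgp-sha256; '
            'boundary="b1"\n\n--b1\nContent-Type: text/plain\n\nhello\n--b1\n'
            "Content-Type: application/pgp-signature\n\n(placeholder)\n--b1--\n")
STRANGER = UNSIGNED.replace("alice@example.org", "bob@example.com")

if __name__ == "__main__":
    for name in ("UNSIGNED", "INLINE", "PGP_MIME", "STRANGER"):
        print(name, triage(globals()[name]))
```

A "verify" result only means a signature is present; a spoofer can attach a bogus one, so the message is trusted only after the signature validates against the expected key.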