Secure Email-to-Blog

Alex at slackerbit.ch came up with a mail2blog script that uses PGP signatures to securely authenticate the sender. Specifically, it uses the GnuPG.pm perl module to interface with gpg--after you've added your public key to the keyring used by the mail2blog script, signing your email messages provides all of the authentication necessary. Very cool, particularly the bit that assigns categories and pings TrackBack URLs.

I actually wrote something like this about 9 months ago; we've been using it ourselves for email-to-blog posting. We haven't released it in the main Movable Type code because setting it up would be beyond the means of many MT users, and thus supporting it would be too difficult.

The benefit of PGP-signing mail for authentication is that you don't have to send your password, or a secret subject, etc. in order to authenticate yourself to the receiver; the downside is that the sender must have PGP installed. When using a standard email client, this isn't an issue, because there exist good PGP implementations for pretty much every platform (and most email clients).

But what about mobile phones or handhelds? I don't know of any network-enabled phones/handhelds with PGP built in (if you know of any, I'm sure there are many people who'd love to hear about them). For example, Mena has a SideKick, and she posts pictures taken with the camera to dollarshort. But the SideKick's email client doesn't have PGP enabled, so we had to come up with an alternative. When moblogging becomes more popular, though, issues like security and digital identity will come up, and a phone with PGP built in could be a killer application.