Great Circle Associates List-Managers
(July 1995)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Another header from the russian brides asshole
From: Lazlo Nibble <lazlo @ swcp . com>
Date: Sun, 23 Jul 1995 10:41:46 -0600 (MDT)
To: list-managers @ greatcircle . com (lm)

> ...there is no BUG in IBM's SMTP software because it is not mandatory to
> perform the test in question. It  is not a  SECURITY HOLE  because the
> standards  demand that forged messages be taken at face value.

While I admit this is just semantics, I disagree.  You may be leaving your
front door unlocked because you have to in order to allow your aged 
grandmother admittance at all hours of the day or night, but leaving it
unlocked is still a security hole. :-)

I've been mulling the issue of mailing-list address verification for a while.
If it's important enough to people, we could certainly design some sort of
key-passing mechanism into the signup procedures for some mailing lists
-- for example:

   Potential subscriber makes subscribe request;
   List server replies with list charter and an arbitrary key built from 
       the potential subscriber's address, the time of day, and a special 
       password set by the list manager on the server end;
   Potential subscriber must reply with this key within some arbitrary time
       period in order to join the list.

When used, this assures that the subscriber is coming from a valid email
address.  It may look like overkill now, but I'm willing to bet that it won't
look like overkill at this time next year . . .

--
::: Lazlo (lazlo@swcp.com; http://www.swcp.com/lazlo) 


Follow-Ups:
Indexed By Date Previous: Re: anti-spam features?
From: "Erich Schulman (KTN4CA) -- Team OS/2" <acme@use.usit.net>
Next: Re: Another header from the russian brides asshole
From: Brian Hartsfield <bh@hq.stargame.org>
Indexed By Thread Previous: Re: Another header from the russian brides asshole
From: Mari Sepp{ <zarr@snakemail.hut.fi>
Next: Re: Another header from the russian brides asshole
From: Brian Hartsfield <bh@hq.stargame.org>

Google
 
Search Internet Search www.greatcircle.com