At 12:28 9/15/94 -0400, firstname.lastname@example.org wrote:
>I just sent the following message and was able to unsubscribe a
>completely _different_ address (murphyl@pobox) than the address I sent
>it from (email@example.com) from the list named "fresh", which has
>an open subscription policy (subscribe_policy = open).
>--text follows this line--
>This means that "open" is only slightly better than "auto" as a
>subscription policy, because using the "Reply-To" field, anyone can
>pretend to be anyone else! Majordomo doesn't check Reply-To against
>"From " or "From:" to be sure they are the same. I would've expected,
>with the Open policy, that it would have forwarded the request to the
>list owner for approval since Reply-To didn't match the real address
>from whence the request came.
And you think that "From:" does tell you where the mail really is from?
It can be faked just about as easily as "Reply-To:".
There is no authentication in standard Internet email; therefore, there
is no real security in Majordomo. What "security" there is, is intended
to prevent folks from trivially making a nuisance of themselves. It is
particularly strong, never has been, and was never intended to be. See
the original Majordomo paper (available for anonymous FTP:
) for a complete discussion of this.
If folks want real security and authentication in Majordomo, somebody
should investigate integrating PGP support.
By the way, _I_ consider the ability to "fake out" Majordomo with a
"Reply-To:" header a feature, not a bug; I use it all the time.
Brent Chapman | Great Circle Associates | Call or email for info about
Brent@GreatCircle.COM | 1057 West Dana Street | upcoming Internet Security
+1 415 962 0841 | Mountain View, CA 94041 | Firewalls Tutorial dates