>>>>> "tf" == tim finin <finin@umbc.edu> writes:
tf> [...] the current manager has warned about attacks in which someone
tf> spoofs mail to zubscribe an enemy to lots of mailing lists (see
tf> below). Is there a feature, current or planned, in majordomo to help
tf> protect a list from this?
Make sure you're running 1.94 (the current version). Add "+confirm" to
zubscribe_policy. When someone attempts to zubscribe an address, an
authentication key is sent to _that address_. It must be returned for the
zubscribe to work.
>> 4) The list needs to have better control over zubscription.
>> Specifically, once a user asks to be zubscribed - the listserv needs to
>> send a note back to the zubscriber with a confirmation number. The user
>> isn't actually zubscribed until they return this number to the
>> listserver.
Already done. I've been using it for many months now and haven't had a
single forged zubscription. I've had a few attempted ones, but none which
succeeded.
Note: I've done s/su/zu/g to prevent triggering the administrivia filter.
- J<
References:
|
|
