Great Circle Associates Majordomo-Users
(October 1996)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: protection for spoofed subscriptions?
From: Jason L Tibbitts III <tibbs @ hpc . uh . edu>
Date: 23 Oct 1996 02:51:40 -0500
To: finin @ umbc . edu
Cc: Majordomo-users @ GreatCircle . COM, finin @ algol . cs . umbc . edu
In-reply-to: tim finin's message of Mon, 21 Oct 1996 17:54:40 -0400
References: <326BF0AC.DEA@umbc.edu>

>>>>> "tf" == tim finin <finin@umbc.edu> writes:

tf> [...] the current manager has warned about attacks in which someone
tf> spoofs mail to zubscribe an enemy to lots of mailing lists (see
tf> below). Is there a feature, current or planned, in majordomo to help
tf> protect a list from this?

Make sure you're running 1.94 (the current version).  Add "+confirm" to
zubscribe_policy.  When someone attempts to zubscribe an address, an
authentication key is sent to _that address_.  It must be returned for the
zubscribe to work.

>> 4) The list needs to have better control over zubscription.
>> Specifically, once a user asks to be zubscribed - the listserv needs to
>> send a note back to the zubscriber with a confirmation number.  The user
>> isn't actually zubscribed until they return this number to the
>> listserver.

Already done.  I've been using it for many months now and haven't had a
single forged zubscription.  I've had a few attempted ones, but none which
succeeded.

Note: I've done s/su/zu/g to prevent triggering the administrivia filter.

 - J<


References:
Indexed By Date Previous: Re: Can Subject lines be amended?
From: Kip DeGraaf <kip@monroe.lib.mi.us>
Next: Controlling the "Subject" file on a moderated list
From: Jean-Pierre Morant <jpm@marben.be>
Indexed By Thread Previous: protection for spoofed subscriptions?
From: tim finin <finin@umbc.edu>
Next: Minor type in majordomo 1.94
From: Nick Perry <nick@amulation.co.uk>

Google
 
Search Internet Search www.greatcircle.com