LISTSERV - LSTOWN-L Archives - COMMUNITY.EMAILOGY.COM

LSTOWN-L Archives

LISTSERV List Owners' Forum

LSTOWN-L

	LISTSERV Archives
	LSTOWN-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: Modifying 'FROM'

"Busdiecker, Linda E." <[log in to unmask]>

Thu, 23 Sep 1999 09:22:53 -0400

text/plain (57 lines)

Re: Pete Weiss' editorial comments below -- only authorized public affairs
staff within the county would be able to send announcements to the list,
this is not something where anyone could spoof mail.  We were trying for the
look of a generic email account without the extra work of a staff member
needing to edit each message.

Ben Parker gave the answer I needed saying that 'One of the internet mail
standards (RFC822) requires that the From: address shall be the original
author of the message.  LISTSERV provides no means to
alter or change this particular header because it is not allowed to.'

-----Original Message-----
From: Pete Weiss [mailto:[log in to unmask]]
Sent: Thursday, September 23, 1999 8:04 AM
To: [log in to unmask]
Subject: Re: Modifying 'FROM'

At 17:59 09/22/1999 Wednesday , Busdiecker, Linda E. wrote:
 >Because I work for a fairly large county with lots of agencies and
 >departments.  The Office of Public Affairs would really like for
everything
 >to go out under one email address to show citizens that this is really
from
 >our county government (granted, anyone can pose as anyone else, but
they're
 >trying to lend credibility to this).
 >
 >We could have lots of people pose as someone else, but I thought it made
 >more sense to have the software that we've just bought ensure consistency
if
 >possible ...

Linda:

Editorial Comment follows:

It is incomprehensible to me that you would allow *anyone* to "spoof" a
generic OPA FROM: address.  By doing so, you create an oxymoron:  "that
this is really from our county government"

Instead, you need to assure your customers that not just anyone can spoof
the FROM: by making appropriate list keyword adjustments so that a
"cookie" is sent to an authorized approver when someone does post (when
they spoof the FROM: field).  Then if legit, approve the posting (usually
by REPLYing OK to the cookie message).

It would be useful to review the LO's manual section:

http://www.lsoft.com/manuals/1.8d/owner/owner.html#2.12.6

--
/Pete Weiss
Sr. Systems Engineer
Penn State
+1 814 863 1843

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM