At 07:31 PM 12/14/96 -0330, W Schipper <[log in to unmask]> wrote:
 
[snip]
 
>My question:  Is it possible to "fool" listserv by changing the
>information in the "From:" line?
 
Yes.
 
>I know it is not possible with online
>mailers like pine or elm.
 
Untrue; it's easy to do with elm (but I'm not going to post how to do
it on a mailing list :)  It's probably easy with pine as well (I just
happen not to use pine).
 
>But something sticks in my mind that some
>offline mailers, such as Eudora, will allow knowledgable users to modify
>the line so that listserv will think the message is coming from one
>person, when in fact it is coming someone else.
 
You don't need to be all that knowledgable.  In fact, you need to be
able to configure "From:" whenever you start an account anywhere, or
if you get your own domain, if you're offline.
 
>Any insight?
 
Harder to spoof is the SMTP FROM information.  This, however, is
in the "envelope" and may not be delivered in messages you see,
and isn't 100% reliable anyway.
 
But I digress.
 
What you probably want is to set your list to:
        Validate= Yes,Confirm
This will also require OK confirmations on unsubscribe requests
(probably a good idea anyway, since you appear to have a forger
in your midst), and either an OK or password on your own requests
(after all, they could forge being *YOU* and not being the user;
in fact they might have done it that way using QUIET SET).
 
It might be useful if listserv would keep the original requests
around for inspection (to try and locate the forger) but I don't
think they do.
 
Cheers,
Stan Ryckman ([log in to unmask])