On Thu, 26 Aug 1999, Jessica Rasku wrote:
> On Thu, 26 Aug 1999, Listserv Admin wrote:
> > On Wed, 25 Aug 1999, Jessica Rasku wrote:
> > > On Wed, 25 Aug 1999, KEVIN MCKENZIE wrote:

> > These ADD jobs are then sent to listserv (and cc:d to a real person). The
> > "From:" is the Owner and the password is the Owner's passwd so all replies
> > and errors go to the List Owner.
>
>         Don't send the actuall add request to your students.  The password
> is there.  You don't want that....

  I'm sure I don't understand what you mean since ADD requests go to
listserv@, which is hardcoded in the program. If you mean the list itself,
well even if that happen, the list is empty since the ADD job is to put
students on an empty list.

> > from listserv stating that "so many people have been added, etc.," would
> > go to the real owner and cause sufficient alarm that they would remember
> > the instructions to contact us.
>
>         A person could replace the header with the password, bypassing the
> ``real owner''.  So, this isn't safe either...

  Maybe you could be a bit more explicit?  What header is actually
replaced with the password that could cause listserv to bypass the "real
owner"?

--Trish
-----------
Trish Forrest, Queen's University