Assuming that your email clients and servers are using TLS the password updates are being end-to-end encrypted by the mail system. Note that listserv does not send password changes, it only receives them. However, anyone able to log in to the listserv user account can see password updates.

On Dec 13, 2021, at 11:33 AM, Krista <[log in to unmask]> wrote:

My company's IT security folks are concerned that ListServ 16.5 may send password changes "in the clear" through unencrypted email, or that users could send passwords change requests, via email, to the server (not encrypted).

We're using the ListServ on Windows. Does this ever happen, and if so is it possible for any password changes / requests to be initiated through the web interface only, and that it won't accept users trying to change PW via a mail command, and/or won't send passwords unencrypted via email?

Krista Landon

To unsubscribe from the LSTSRV-L list, click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1



To unsubscribe from the LSTSRV-L list, click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1