LISTSERV - LSTOWN-L Archives - COMMUNITY.EMAILOGY.COM

LSTOWN-L Archives

LISTSERV List Owners' Forum

LSTOWN-L

	LISTSERV Archives
	LSTOWN-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: alias, routes and security

"Alperin, Glenn" <[log in to unmask]>

Sat, 13 Sep 1997 13:41:38 -0400

TEXT/PLAIN (59 lines)

>
>Hi!
>
>My list security has been breached in that someone tried to reroute
>listmail to a third person, only the error messages when his server
>would not process made me aware of this.
>
>I now want to step up on security of the list, especially I want to
>check out email adresses for the route the messages to them takes (as I
>then can check out - as in the error message - where to the mails are
>directed) and I wonder whether anyone among you has come up with a
>method to verify email adresses generally for security. I also would like
>to know how those among you who want secure lists go about this.
>
>Any ideas on this?
>
>Thanks ahead for your help
>
>R. Kirsch

Well, if your looking for a fool-proof way to do it, one doesn't exist.  I
understand that with the proper knowledge, it is slightly more complicated to
change the route a message appears to take than it is to change the name
and e-mail address where the mail appears to come from.

Some mail software has a built in function which will allow you to check
on the route the message took, but that is no guarantee that the message
actually followed that route to get there, as such things can (as I
understand it) be forged, just like an e-mail address can be forged.

If you want to verify the authenticity of all posts, you may want to set
your list to be a moderated list, and before posting any message with the
ok command, send back the initial message to the person who the headers
"claim" it came from, and get verification from them that it was indeed
their post sent to your list and not that of a person mimicking their
e-mail address.

It seems to me that that entails quite a bit of extra work though.  Some
list owners are willing to do this to make their list run smoothly, and it
may be the most appropriate method for their lists, but as
I said to my brother on the phone last night, if my list ever gets to the
point that it needs moderation, than I will simply relinquish my list
ownership of the list.  For my list though, I do not think this will be
an issue.

The proper syntax in the header might look like this

* Subscription= By Owner
* Editor= [log in to unmask]
* Send= Editor,Hold,Confirm

This would give the list-owner control over who subscribes, and send
every article, including those from the owner and editor, back to the
editor for approval.  Did I get that right?

Aside from that, there isn't much else you can really do.

Glenn

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM