LISTSERV - LSTOWN-L Archives - COMMUNITY.EMAILOGY.COM

LSTOWN-L Archives

LISTSERV List Owners' Forum

LSTOWN-L

	LISTSERV Archives
	LSTOWN-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: Question: Who's signing off for whom?

Hal Keen <[log in to unmask]>

Wed, 30 Apr 2008 10:22:36 -0500

text/plain (15 lines)

> Isn't it trivially easy for spam software to forge a FROM: and/or TO:
address?  As you know, there are special listserv mail list aliases
(addresses) that perform this UNSUB function w/o any body of text.

It is not hard to forge a From: address. Therefore, the Validate= keyword in
the list configuration ought to be checked. Signing off ought to require
confirmation, and that confirmation wouldn't happen if the request was sent
with a forged From: address.

[ I don't understand the notion of forging a To: address, except on a
forwarded copy. One can certainly send a message with the actual recipient
on the Bcc: header line, but that's not "forging" anything. ]

Hal Keen

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM