LSTOWN-L Archives

LISTSERV List Owners' Forum

Dennis Budd <[log in to unmask]>
Thu, 18 Jan 2001 12:17:01 -0600
On Thu, 18 Jan 2001, Kevin Parris wrote:

>No . . . just that I want the experience of subscribing to be the
>same for the subscriber, whether the list is "open,confirm" or "by
>owner"  - so they go through the same interactions with the server
>'out there' every time (allowing for some variation in message
>content, so they are told "your request must be approved by the list
>owner" immediately, but then once approved, they get the
>"confirmation" sequence instead of a "you have been added" notice).
>

What is the point of this?  It doesn't make much sense to do a
subscription by owner unless you're going to communicate with the
subscriber in some fashion to verify their qualifications for
subscribing to it.  (Or unless maybe you have some other means of
verifying the subscriber).  If you've already communicated with the
subscriber, having them do a subscription confirmation is just
pointless work on their part.

>I also have this question lurking in the back of my mind - what if
>the subscribe request was forged, to a "by owner" list, and the
>confirmation isn't done, does one wind up with an unknowing
>subscriber added to the list - since the apparent-request-origin
>address isn't asked to verify it?  (Please be kind if I'm off base
>on this, as I am quite new to being a LISTSERV site maintainer).

Yes, you would, but if you've either communicated with the subscriber
already, or have some other means (such as a class list in the case of
a bunch of subscribers being added for a class) to verify
authenticity, the forged requests will have already been screened out.
If there is no such ahead-of-time verification, I personally don't see
the point of subscription-by-owner; it opens up the very hole you are
pointing out.

Dennis

>
>>>> [log in to unmask] 01/18/01 11:45AM >>>
>At 09:21 01/18/2001 Thursday, Kevin Parris wrote:
> >How about enabling the combination "Subscription =By Owner, Confirm", such
> >that instead of the owner submitting an ADD command when the subscriber
> >request is approved, the server simply proceeds with the usual Confirm
> >process after the owner OKs the request?
>End Reply
>
>Do you mean that the owner's email address/account has been forged and/or
>compromised and that somehow the OK will remedy that?
>
>/Pete
>
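
The forged-request question discussed in this thread, as an added example that is not part of the original messages and is not LISTSERV code: a toy Python model of a by-owner list with and without the confirmation step proposed above. The names `ToyList`, `cookie`, `forged_request_outcome`, the HMAC cookie scheme and the address are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-server secret for confirmation cookies

def cookie(list_name, addr):
    """Confirmation cookie bound to one list and one address."""
    msg = f"{list_name}\0{addr}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()[:16]

class ToyList:
    """Toy model of the subscription policies in the thread (not LISTSERV code)."""
    def __init__(self, name, by_owner, confirm):
        self.name, self.by_owner, self.confirm = name, by_owner, confirm
        self.state = {}   # address -> "owner-review" | "awaiting-confirm" | "subscribed"
        self.outbox = {}  # address -> cookie mailed to that mailbox only

    def subscribe(self, claimed_from):  # the From: address is unauthenticated
        if self.by_owner:
            self.state[claimed_from] = "owner-review"
        else:
            self._approved(claimed_from)

    def owner_ok(self, addr):
        if self.state.get(addr) == "owner-review":
            self._approved(addr)

    def _approved(self, addr):
        if self.confirm:
            self.state[addr] = "awaiting-confirm"
            self.outbox[addr] = cookie(self.name, addr)
        else:
            self.state[addr] = "subscribed"

    def confirm_reply(self, addr, presented):
        ok = (self.state.get(addr) == "awaiting-confirm"
              and hmac.compare_digest(presented, cookie(self.name, addr)))
        if ok:
            self.state[addr] = "subscribed"
        return ok

def forged_request_outcome(by_owner, confirm, victim="victim@example.org"):
    """Forged SUBSCRIBE as victim, owner approves unchecked, forger guesses a cookie."""
    lst = ToyList("TOY-L", by_owner, confirm)
    lst.subscribe(victim)
    lst.owner_ok(victim)
    lst.confirm_reply(victim, "0" * 16)  # forger never sees the victim's mail
    return lst.state.get(victim) == "subscribed"
```

In this model the owner's out-of-band check that Dennis describes is the only thing between a forged request and a subscription when `confirm` is off; with it on, the address stays in `awaiting-confirm` until the real mailbox holder replies.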
