LSTOWN-L Archives

LISTSERV List Owners' Forum

LSTOWN-L

Ben Parker <[log in to unmask]>
Wed, 13 Dec 2000 23:17:28 -0700
On Wed, 13 Dec 2000 21:48:43 -0500, Paul Karagianis <[log in to unmask]> wrote:

>There's a proposal under discussion in SPAM-L to establish a MAPS-like
>blacklist for "open-loop" lists.  What this really means is anybody's
>guess, but I've confirmed with the author that a Listserv list with
>"subscribe=open" qualifies... *even if send= [log in to unmask]*
>because a subscription could be forged and the valid postings would be
>UBE to the victim.  

This is one of the primary reasons we always suggest one-way lists be set to 
Send= ...,Confirm.  Then even if the authorized sending address is forged, the
request for approval message will still come to the Authorized Editor(s) (which
should not be the same address for better security) who will presumably know the
proper schedule for postings and be smart enough not to approve the forged
message.  If the (forged) message is not approved, it will not go to the list
and there is no exposure.

>What I'm unclear of is, what are the effects of the
>DISTRIBUTE mechanism in all of this?  Do Backbones (in the worst case for
>this scenario) distribute to regions/domains outside of themselves?

In the first place participation on the backbone is voluntary, and the section
in the Site Manager Manual and on our registration webform covers this in good
detail, i.e. the site PM should have a good idea what their risk might be
before joining the backbone.  Sites need not participate.  

Generally sites do not route/re-mail outside their own domain so this isn't very
likely anyway.  Of course if the owner of an academic mail account has some kind
of automatic forwarding setup to an off-campus (out-of-network) account...  This
is fairly common.  And when the person objecting to the mail conveniently
forgets that the mail he is getting now at [log in to unmask] is actually subscribed
as [log in to unmask] it can lead to all kinds of brouhaha.

>In terms of _risk_ could an inept postmaster see [log in to unmask] being
>delivered via some IP of a regional backbone outside his own domain and
>accidentally cut off all lists distributed through that site to his own
>domain?

Based on the problems we see on a daily basis, I would (sadly) think that more
and more people with the title of 'postmaster' seem to know less and less about
how mail works.
