On Thu, 06 Feb 97 09:22:26 EST Ben Chi said:

(replying to the group, since it's a bigger issue.  Hope you don't mind)

>It works just fine.  I made up the file
>
>HELO albany.edu
>MAIL FROM:<[log in to unmask]>
>RCPT TO: <[log in to unmask]>
>DATA
>From:         [log in to unmask]
>To:           [log in to unmask]
>
>subscribe Z Foo Bar
>.
>QUIT
>
>and SENDFILE'd it to MAILER.  Everything thereafter proceeded normally,
>including a request from listserv to foobar for confirmation.  That is,
>listserv did not detect a forgery or, if it did, chose to ignore it.
>(Hmm.  Is this a Good Thing?)


IMHO, no.   Sure, it makes it handy for those of us who need to be able
to remove people, etc., but in the last week, I have had 3 instances of
someone mail bombing someone's account by subscribing them to every
listserv list we have here at A&M - and with a vulgar name at that!

You may want to issue a
  quiet del * [log in to unmask]
to all of your listservs

To Listserv's defense, I don't think that preventing spoofed subscriptions
(or other commands) is possible.  The best defense it probably use of
the Confirm option on the Subscribe keyword (for Open lists).  The
person being bombed will still get tons of email (the confirmation msg),
but at least they won't actually be subscribed.


                                       --------------------------
                                       Listserv Manager
                                       [log in to unmask]