> Isn't it trivially easy for spam software to forge a FROM: and/or TO:
> address?  As you know, there are special listserv mail list aliases
> (addresses) that perform this UNSUB function w/o any body of text.

It is not hard to forge a From: address. Therefore, the Validate= keyword in
the list configuration ought to be checked. Signing off ought to require
confirmation, and that confirmation wouldn't happen if the request was sent
with a forged From: address.

[ I don't understand the notion of forging a To: address, except on a
forwarded copy. One can certainly send a message with the actual recipient
on the Bcc: header line, but that's not "forging" anything. ]

Hal Keen
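
An added illustration of the point in the reply above (not part of the original message, and not LISTSERV's own code): a simplified model of confirmed sign-off, in which the confirmation cookie is mailed only to the address named in From:, so a request sent with a forged From: is never confirmed by its real sender. The class, its methods and the addresses are hypothetical and constructed for this example.

```python
import secrets


class ListServer:
    """Toy model of a list server that requires confirmation to sign off."""

    def __init__(self, subscribers):
        self.subscribers = {a.lower() for a in subscribers}
        self.pending = {}   # cookie -> address awaiting confirmation
        self.outbox = []    # (recipient, cookie): mail the server sends

    def request_signoff(self, from_header):
        """Handle a sign-off request. The From: value is untrusted input."""
        addr = from_header.strip().lower()
        if addr not in self.subscribers:
            return False    # no mail sent for unknown addresses
        cookie = secrets.token_hex(16)          # unguessable, single use
        self.pending[cookie] = addr
        # The cookie goes to the claimed address, never back to the
        # connection that submitted the request.
        self.outbox.append((addr, cookie))
        return True

    def confirm(self, cookie):
        """Complete the sign-off only if the cookie was actually issued."""
        addr = self.pending.pop(cookie, None)
        if addr is None:
            return False
        self.subscribers.discard(addr)
        return True


def demo():
    victim = "alice@example.org"                # constructed sample address
    srv = ListServer([victim])
    # Request arrives with From: set to the victim, sent by someone else.
    srv.request_signoff(victim)
    forged_result = srv.confirm("0" * 32)       # sender cannot read the cookie
    still_subscribed = victim in srv.subscribers
    # The real subscriber reads the cookie from their own mailbox.
    _, cookie = srv.outbox[-1]
    owner_result = srv.confirm(cookie)
    return forged_result, still_subscribed, owner_result, victim in srv.subscribers


if __name__ == "__main__":
    print(demo())
```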