Re: list
- Date: Wed, 11 Feb 1998 19:13:51 +0100
Thanks for making this point <grin>.
I feel a quick reaction is in order, though I don't have a definitive
answer on _all_ your points at 18:45 where there's not _that_ many
people around to discuss this with...
<false.address@localhost writes:
* - that it would be impossible to subscribe someone else to the
* list: subscriptions should be confirmed before they are
* accepted.
* The wordt case of 'spam' we ever had (many years ago) is that
* some student hackers subscribed a journalist to a few
* 1000 mailing lists.
This mechanism is in place - mostly. It is impossible to subscribe
someone else than the source-address of the e-mail to the list
automatically. But they can subscribe themselves. (If people send a
mail with 'subscribe anti-spam' to majordomo@localhost, this is done
automatically; if they send a mail with 'subscribe anti-spam
someone@localhost, the request needs to be confirmed by a human.)
(This does not, however, stop people from forging a subscription
e-mail to majordomo, so that it seems to come from e.g.
<false.address@localhost, and subscribing 'themselves' to the list.
I personally doubt whether we would want to spend our resources on
approving every single subscription request to a RIPE mailinglist
manually. Especially since it would not yield much;
some.student.hackers@localhost could still forge mail from
a.journalist@localhost, and the moderator would probably not spot
this & subscribe him.)
* - that it would be impossible to fetch E-mail addresses from
* members of the list.
Thanks for making your point; this is not in place. At this moment
anyone can get a list of the people subscribed to our majordomo
lists. Up till now we had no complaints about this fact. But I'll
raise this issue here & see what others think.
* - the list should be protected so that only members of the list
* can mail to the list, so that the list itself can not be misused
* for spam.
This is also in place.
We score 2 out of 3; not _too_ embarassing.
Obviously, you could still use this list for spamming, because you
could still send e-mail forging an address which you know is on this
list. And you can still subscribe a fake address to the list, as
you've just proven.
Regards,
Roderik.
(not necessarily representing the formal opinion of my employer here)