Chronological >>> Author Index    Subject Index Threads >>>

Re: list


Thanks for making this point <grin>.

I feel a quick reaction is in order, though I don't have a definitive
answer on _all_ your points at 18:45 where there's not _that_ many
people around to discuss this with...



 <false.address@localhost writes:
 * - that it would be impossible to subscribe someone else to the
 * list: subscriptions should be confirmed before they are
 * accepted.
 * The wordt case of 'spam' we ever had (many years ago) is that
 * some student hackers subscribed a journalist to a few
 * 1000 mailing lists.

This mechanism is in place - mostly. It is impossible to subscribe
someone else than the source-address of the e-mail to the list
automatically.  But they can subscribe themselves.  (If people send a
mail with 'subscribe anti-spam' to majordomo@localhost, this is done
automatically; if they send a mail with 'subscribe anti-spam
someone@localhost, the request needs to be confirmed by a human.)

(This does not, however, stop people from forging a subscription
e-mail to majordomo, so that it seems to come from e.g.
<false.address@localhost, and subscribing 'themselves' to the list.

I personally doubt whether we would want to spend our resources on
approving every single subscription request to a RIPE mailinglist
manually. Especially since it would not yield much;
some.student.hackers@localhost could still forge mail from
a.journalist@localhost, and the moderator would probably not spot
this & subscribe him.)


 * - that it would be impossible to fetch E-mail addresses from
 * members of the list.

Thanks for making your point; this is not in place.  At this moment
anyone can get a list of the people subscribed to our majordomo
lists. Up till now we had no complaints about this fact. But I'll
raise this issue here & see what others think.


 * - the list should be protected so that only members of the list
 * can mail to the list, so that the list itself can not be misused
 * for spam.

This is also in place.

We score 2 out of 3; not _too_ embarassing.


Obviously, you could still use this list for spamming, because you
could still send e-mail forging an address which you know is on this
list. And you can still subscribe a fake address to the list, as
you've just proven.



Regards,

Roderik.

(not necessarily representing the formal opinion of my employer here)




Chronological >>> Author    Subject Threads >>>