<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: list


Piet,

On Wed, 11 Feb 1998, Piet Beertema wrote:

+     It is impossible to subscribe someone else than the source-address
+     of the e-mail to the list automatically.  But they can subscribe
+     themselves. (If people send a mail with 'subscribe anti-spam' to
+     majordomo@localhost, this is done automatically; ...
+ I don't know which version of majordomo you're running,
+ but the version I picked up some 2 months ago and which
+ was then the latest version has a very serious flaw: it
+ looks *only* at the header From: line to extract the
+ sender's address from, but that line if by far the most
+ easy to fake. So I can subscribe hundreds of users by
+ sending as many subscribe messages with forged From:
+ lines. Majordomo really should at least check a Sender:
+ line (when present) too and take that as the sender's
+ address in case of discrepancy with the From: address.

Mmm, I also don't trust the Sender: field anymore. There are quite a few
popular UA's around (including the one I'm using now) that tend to put
some kind of 'POP/IMAP server user' in the Sender field. For example in
this message there is a header X-X-Sender (nice bug, I know) which states
that I am jansen@localhost. I could tell Pine to use Sender instead
of X-Sender and then I have a problem since my IMAP userid@localhost isn't
really a mail address. OK, that can be fixed by using proper rewrites and
MX-records but the point is that certain defaults in certain clients just
make it impossible to use the Sender: field to get any idea about the real
originator.

Cross-checking RFC822-headers doesn't solve the forgery of addresses, even
the SMTP-originator can be easily forged (although I think that any
cross-checking should be done on the SMTP-originator since that's more or
less the 'most trustworthy address' (relatively speaking of course, the
number of double bounces I get as postmaster since people don't seem to
understand that delivery errors are send to the SMTP-originators and they
fail to have valid addresses in the MAIL FROM, is growing each day)).

The only way to prevent most (but probably not all) forged subscriptions
is the confirm mechanism but as James pointed out that too has problems
but when choosing between two evils I would prefer a confirmation
mechanism above the ease to subscribe local sublists. 

Xander






<<< Chronological >>> Author    Subject <<< Threads >>>