Re: [CF:1340] Problems with mailing list

To:
Subject: Re: [CF:1340] Problems with mailing list
From: Jan Echternach <>
Date: Fri, 23 Jun 2000 11:07:46 +0200
In-Reply-To: <>; from on Thu, Jun 22, 2000 at 02:02:24PM -0500
Mail-Followup-To:
References: <> <> <> <>
Reply-To: Jan Echternach <>

On Thu, Jun 22, 2000 at 02:02:24PM -0500, Bob Tanner wrote:
> Reply-To can be forged, so this 'silly' software sends email to whatever
> address you subscribed to the mailing list.

Well, the last time I had to deal with such mailing lists
(unsubscribing after my From: had changed from  to
) I just forged the From: header.  This isn't even
security by obscurity, because it's not obscure - it's obvious that you
only need to supply a properly forged From: header to bypass such silly
checks.

There are already solutions used that really solve the problem:
Sending a confirmation email or requiring a password.

-- 
Jan

Follow-Ups:
- Re: [CF:1340] Problems with mailing list
  - From: Bob Tanner <>

References:
- Problems with mailing list
  - From: Norbert Irmer <>
- Re: [CF:1340] Problems with mailing list
  - From: Rick Tanner <>
- Re: [CF:1340] Problems with mailing list
  - From: Jan Echternach <>
- Re: [CF:1340] Problems with mailing list
  - From: Bob Tanner <>

Prev by Date: Re: [CF:1349] It lives! (22Jun00 server 0.95.6 on SuSE 6.4)
Next by Date: [Bug 17] Changed - Tobias Tower in Santo Domionion Traps Users
Prev by thread: Re: [CF:1340] Problems with mailing list
Next by thread: Re: [CF:1340] Problems with mailing list
Index(es):
- Date
- Thread