John Belmonte wrote:
> Sam wrote:
>
>> Since the purpose of the confirmation request is to make sure that the human being that owns this address actually sent the subscription request, it obviously won't be very useful to have a confirmation process that can be easily fooled by an autoresponder.
>
> ?? It would take 5 minutes for someone to add the "yes" functionality to an autoresponder script. It probably wouldn't even need to parse the request message, assuming that changing the subject won't interfere with other mailing list managers.

Not that I'm arguing against your patch (I may even use it), but consider this scenario:


I somehow acquire a list of email addresses at company X, where a lot of users have set up autoresponders. And I also get a list of all the mailing lists that are running on your server (if you're virtual hosting, it could be a lot).

Now I forge subscription requests from all of the users at company X to all of the mailing lists you have on your machine. The patched courier sends out the confirmation requests, all of the autoresponders respond, and soon everyone at company X who has set up an autoresponder is subscribed to all of your mailing lists.

In a virtual hosting environment with hundreds of different domains and mailing lists, this could be a big problem. But for a dedicated server with only a few centrally controlled mailing lists, maybe it's worth the risk.

m.
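
Added example, not part of the original message and not Courier's own code: one way a list manager could refuse confirmations that arrive from autoresponders, the failure mode in the scenario above. The token "abc123", the subject format and the function names are assumptions made for illustration.

```python
from email import message_from_string

def is_auto_reply(msg):
    """True if the headers mark the message as an automatic response."""
    # Auto-Submitted is defined by RFC 3834; any value other than "no"
    # means software, not a person, generated the message.
    auto = (msg.get("Auto-Submitted") or "").split(";")[0].strip().lower()
    if auto and auto != "no":
        return True
    # Older conventions still seen in the wild; heuristics, not guarantees.
    if (msg.get("Precedence") or "").strip().lower() in {"bulk", "junk", "auto_reply"}:
        return True
    if msg.get("X-Autoreply") or msg.get("X-Autorespond"):
        return True
    # A null return path is used by bounces and many autoresponders.
    return (msg.get("Return-Path") or "").strip() == "<>"

def accept_confirmation(raw, expected_token):
    """Return (accepted, reason) for a reply to a confirmation request."""
    msg = message_from_string(raw)
    if is_auto_reply(msg):
        return False, "automatic reply"
    # An autoresponder that echoes the subject also echoes the token,
    # so the token check alone does not prove a human replied.
    if expected_token not in (msg.get("Subject") or ""):
        return False, "token missing"
    return True, "confirmed"

# Constructed sample replies (not real traffic).
HUMAN = "From: alice@example.com\nSubject: Re: confirm abc123\n\nyes\n"
VACATION = ("From: bob@example.com\nAuto-Submitted: auto-replied\n"
            "Subject: Out of office Re: confirm abc123\n\nI am away.\n")
LEGACY = ("From: carol@example.com\nPrecedence: bulk\n"
          "Subject: Re: confirm abc123\n\nAuto reply.\n")
# An autoresponder that sets no marker headers is indistinguishable
# from a person at this layer and is still accepted.
SILENT = "From: dave@example.com\nSubject: Re: confirm abc123\n\nI am away.\n"

if __name__ == "__main__":
    for name, raw in [("human", HUMAN), ("vacation", VACATION),
                      ("legacy", LEGACY), ("silent", SILENT)]:
        print(name, accept_confirmation(raw, "abc123"))
```

The last sample shows the limit of header checks: an autoresponder that sets none of these headers still confirms.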




_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
