https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922

--- Comment #18 from Sidney Markowitz <[EMAIL PROTECTED]>  2008-06-18 16:16:23 PST ---
(in reply to comment #12)

I found a hole in the opt-in procedure that would have let someone subscribe
your email address without you being notified (both in this case and as I
commented in bug #5921, with ArcaMax/ReplyPath/PostmasterDirect). Even though
efax.com requires confirmation of an email address to register, if you change
the email address on an eFax-Free account the only notice email is sent to the
old address. A sleazy company that gets paid for generating "confirmed opt-in"
leads could have scammed eFax and you by subscribing their email address and
then switching it to yours.

Proper handling would be to send an activation email to the new address with a
link that must be clicked to complete the change of address, and only then send
the notification to the old address.

Given this loophole, perhaps it would be appropriate for someone to contact J2
as an official representative of the SpamAssassin PMC and find out if they will
fix it, or else we need to consider removing them from the default whitelist.


-- 
Configure bugmail: 
https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
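
The change-of-address handling proposed in comment #18, sketched as an added example; it is not code from the bug report, SpamAssassin, or eFax/J2. The `Account` class, the `outbox` list standing in for a mail sender, the one-hour token lifetime and all addresses are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 3600   # assumed lifetime of an activation link, in seconds
outbox = []        # constructed stand-in for a mail sender: (recipient, subject, body)

class Account:     # hypothetical account record
    def __init__(self, email):
        self.email = email
        self.pending = None   # (new_email, sha256(token), expires_at) while unconfirmed

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def change_email_unverified(acct, new_email):
    """The flaw described in the comment: the address is switched at once
    and the only notice goes to the old address."""
    old, acct.email = acct.email, new_email
    outbox.append((old, "Address changed", new_email))

def request_email_change(acct, new_email, now=None):
    """Step 1: store a pending change and mail an activation token to the
    NEW address only. acct.email does not change yet."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    acct.pending = (new_email, _digest(token), now + TOKEN_TTL)
    outbox.append((new_email, "Confirm address change", token))
    return token

def confirm_email_change(acct, token, now=None):
    """Step 2: apply the change only when the holder of the new address
    presents the token; only then notify the old address."""
    now = time.time() if now is None else now
    if acct.pending is None:
        return False
    new_email, token_hash, expires_at = acct.pending
    if now > expires_at:
        acct.pending = None          # expired request is discarded
        return False
    if not hmac.compare_digest(_digest(token), token_hash):
        return False                 # wrong token: address stays as it was
    old, acct.email, acct.pending = acct.email, new_email, None
    outbox.append((old, "Address changed", new_email))
    return True
```
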
