Thanks. Interesting.

At 5:54 PM -0800 2/18/2000, Joe Smith wrote:

>| Authorized users of the closed list do not need to receive a message
>| informing them that their messages have not been accepted (presumably due to
>| some oversight or glitch) because they will likely note the absence of their
>| message on the list anyway.

Not a safe assumption.

>| Unauthorized users of the list do not need to see the text of their message
>| at all in their electronic rejection note -- a stock reply explaining how to
>| gain admission to the list is more relevant.

One very good reason TO return the message. Way too many people send 
a message to the list and don't keep a copy. If you reject it for 
some reason without sending it back, they're honked off, because you 
didn't post it and they don't have it to send a second time. Sending 
it back with instructions on how to make it postable is a must.

But -- this closed-list hack is something that needs to be addressed, 
also. How to trade off those two problems is going to be interesting, 
but not returning the message isn't IMHO the right answer. It's a 
meataxe answer, but something a little more sophisticated ought to be 
findable.

>| However, there is a more serious vulnerability here: infinite loops between
>| two or more closed lists.

It's a big issue for anything that auto-responds, not just lists. Any 
mailbot has to try to figure this out, and many of them do a terrible 
job of it, including some of mine. I've closed some holes, but not 
all of them, and it's a continuing issue.

IMHO, while it's not my preferred way of doing it, I'm redoing my 
mailbots so that the From and reply-to addresses point to an alias to 
nobody, and people are told that they can't just hit "reply", but I've 
more or less decided that this is a lesser of two evils issue, and 
limiting loops is more important than trivial replies, and since I 
have zero control over how the mailbot on the OTHER side works, I 
have to be hyper-paranoid not to create possible loops.

The worst loop I ever ran into, and I literally found it by accident, 
was one that, as far as I could tell, had been going on for a couple 
of months. Yes, months. Both sides kept slowly adding text to it, so 
that by the time I ran into it, the return message was 90 megabytes 
long, and because of that, the time for it to make a round trip was 
on the order of 2-3 days. My system throws out mail over 100 megs, so 
sooner or later it would have hit that limit and died, but -- 
thinking of all that bandwidth...

I have an automated report that mails me about possible loops every 
morning, so I can catch and break them if I need to. At some point, I 
hope to fully automate it, but I don't trust it yet.

>| A) Turn off automated notification of rejection altogether on all closed
>| lists; or if you feel that the notification messages are important, then
>|
>| B) Configure the listserv to send back only the title of a rejected message,
>| not the complete text; or if you feel like addressing the potential
>| vulnerability head-on,

I disagree, personally. The disadvantage to users who lose their 
message because it's not posted OR returned outweighs the abuse 
possibility, at least until the abuse happens.

>| C) Design a check of a log file so that the listserv for a closed list can
>| quickly identify a mailstorm and stop it by turning off automated
>| notification of rejection when it is being abused.

So this is what I'd suggest. If nothing else, track the number of 
rejected messages and if it spikes or goes over some chosen value, 
then Do Something.

--
Chuq Von Rospach - Plaidworks Consulting (mailto:[EMAIL PROTECTED])
Apple Mail List Gnome (mailto:[EMAIL PROTECTED])

And they sit at the bar and put bread in my jar
and say 'Man, what are you doing here?'"
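
An added example, not part of the original message: one way to do the rejection-count check suggested above (option C), replaying a rejection log through a sliding window and deciding per message whether an automated notice still goes out. The log format, the threshold values and the function name `decide` are assumptions made for illustration, and the log lines are constructed.

```python
from collections import defaultdict, deque

WINDOW = 3600        # seconds of history to consider (assumed value)
PER_SENDER_MAX = 3   # notices one address may trigger per window (assumed)
GLOBAL_MAX = 20      # rejections per window before all notices stop (assumed)

# Constructed sample log, one line per rejection:
#   "<unix time> REJECT <envelope sender>"
SAMPLE_LOG = """\
950925240 REJECT alice@example.org
950925300 REJECT mailbot@other-list.example.net
950925360 REJECT mailbot@other-list.example.net
950925420 REJECT mailbot@other-list.example.net
950925480 REJECT mailbot@other-list.example.net
950925540 REJECT Mailbot@Other-List.example.net
950929200 REJECT alice@example.org
"""

def decide(log_text, window=WINDOW, per_sender_max=PER_SENDER_MAX,
           global_max=GLOBAL_MAX):
    """Replay a rejection log; return one (time, sender, action) per record."""
    recent_all = deque()                 # timestamps of every recent rejection
    recent_by_sender = defaultdict(deque)
    decisions = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1] != "REJECT":
            continue                     # not a rejection record
        now, sender = int(parts[0]), parts[2].lower()
        mine = recent_by_sender[sender]
        for queue in (recent_all, mine): # drop entries older than the window
            while queue and queue[0] <= now - window:
                queue.popleft()
        recent_all.append(now)
        mine.append(now)
        if len(recent_all) > global_max:
            action = "suppress-all"      # list-wide spike: stop all notices
        elif len(mine) > per_sender_max:
            action = "suppress-sender"   # one address keeps bouncing: likely a loop
        else:
            action = "notify"            # normal case: return the message
        decisions.append((now, sender, action))
    return decisions

if __name__ == "__main__":
    for when, who, action in decide(SAMPLE_LOG):
        print(when, who, action)
```

The one-off sender still gets a notice on both of her rejections, while the address that is rejected every minute stops getting replies after its third.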
