On Fri, Dec 07, 2001 at 02:36:39PM -0500, Peter W wrote: > On Thu, Dec 06, 2001 at 10:14:35PM -0500, Barry A. Warsaw wrote: > > > I actually don't think that MTA-directed VERPing helps us out much. > > Sure, it can give us an envelope sender that we can use for better > > bounce detection[*] > > How robust is the bounce detection? Even with VERP and/or good MTAs, > is there enough smarts in the system to prevent a black hat from connecting > to the MTA on the mailman server and using fake bounce messages to > knock someone off a list without their knowledge?
You can avoid this by is by sending a test message to them and use a cookie in the envelope-from that is a hash of a saved secret value that you can compare to on the bounce. If you get a bounce to the address that has the proper hash, then you can pretty safely disable them (unless their postmaster is out to get them. But you can't save them from that). If you don't get the message bounced back then that email address isn't really (or at least always) bouncing. -- The 5 year plan: In five years we'll make up another plan. Or just re-use this one. _______________________________________________ Mailman-Developers mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-developers
