On Fri, Dec 07, 2001 at 06:40:15PM -0800, Peter C. Norton wrote:
> On Fri, Dec 07, 2001 at 02:36:39PM -0500, Peter W wrote:
> > How robust is the bounce detection? Even with VERP and/or good MTAs,
> > is there enough smarts in the system to prevent a black hat from connecting
> > to the MTA on the mailman server and using fake bounce messages to
> > knock someone off a list without their knowledge?
>
> You can avoid this by sending a test message to them and using a cookie
> in the envelope-from that is a hash of a saved secret value that you can
> compare to on the bounce.

Right. That's what I'm suggesting, that maybe such a cookie plan should be
implemented. I like my idea of the cookie being a hash of both the recipient
address and something like a time value, so that "replay" attacks are less
feasible. You shouldn't be able to pick up a disk drive that Barry W discarded
a year earlier and get a cookie that still lets you unsubscribe him from this
list. :-)

> If you get a bounce to the address that has the
> proper hash, then you can pretty safely disable them (unless their
> postmaster is out to get them. But you can't save them from that).

Or if someone gets to their saved messages, right.

> If you
> don't get the message bounced back then that email address isn't really (or
> at least always) bouncing.

Exactly. Sounds like we're in basic agreement about the potential value of a
cookie-laden envelope?

-Peter

--
I am what I am 'cause I ain't what I used to be. - S Bruton & J Fleming

_______________________________________________
Mailman-Developers mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-developers
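One way to realise the cookie scheme the two Peters discuss above, written as an added example for this page rather than Mailman's own code: the VERP-style envelope sender carries the recipient address, an issue timestamp and an HMAC over both, and a bounce is honoured only if the cookie verifies and the timestamp is still fresh. The secret, addresses, domain, address layout and cookie lifetime are all constructed assumptions.

```python
import hashlib
import hmac
import re
from typing import Optional

# Constructed example values; none of these come from the thread.
SECRET = b"list-server-secret-example"  # kept server-side, never sent in mail
LIST_USER = "mailman-bounces"           # local part of the list's bounce address
DOMAIN = "lists.example.org"
COOKIE_TTL = 7 * 24 * 3600              # assumed lifetime: a week-old cookie is refused


def make_cookie(address: str, issued: int) -> str:
    """HMAC over recipient address and issue time, so a cookie is bound to both."""
    msg = f"{address.lower()}\0{issued}".encode()
    # 80-bit truncation keeps the local part short; still far beyond guessing.
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:20]


def envelope_from(address: str, issued: int) -> str:
    """Envelope sender for a probe: list+local=host+timestamp+cookie@domain (assumed layout)."""
    local, _, host = address.rpartition("@")
    return f"{LIST_USER}+{local}={host}+{issued}+{make_cookie(address, issued)}@{DOMAIN}"


# Local parts containing '+' or '=' are not handled by this simple layout.
_RE = re.compile(
    rf"^{re.escape(LIST_USER)}\+(?P<local>[^+=]+)=(?P<host>[^+]+)"
    rf"\+(?P<ts>\d+)\+(?P<mac>[0-9a-f]+)@{re.escape(DOMAIN)}$"
)


def bounced_address(return_path: str, now: int) -> Optional[str]:
    """Return the member address only if the bounce carries a valid, fresh cookie."""
    m = _RE.match(return_path)
    if not m:
        return None  # not one of our probe addresses: ignore as a bounce signal
    address = f"{m['local']}@{m['host']}"
    issued = int(m["ts"])
    if not 0 <= now - issued <= COOKIE_TTL:
        return None  # stale or future-dated: treat as a replay of an old cookie
    if not hmac.compare_digest(make_cookie(address, issued), m["mac"]):
        return None  # cookie does not match address+time: forged or altered
    return address
```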