I just thought of a potential risk to VERPing, and I'd like to get
some feedback from you all about it.

Let's say I run a mailing list [EMAIL PROTECTED] and someone like (oh, I
dunno) yahoogroups subscribes to the list and provides subscription
services of its own.  I.e. people can subscribe to [EMAIL PROTECTED]
and they'll get all the messages posted to [EMAIL PROTECTED]  Yes, we've
seen this happen quite a bit.

Now, suppose someone on [EMAIL PROTECTED] starts bouncing, and we're
VERPing.  Won't our Mailman think that [EMAIL PROTECTED] is the
bouncing member?  In a sense they are, but I can see an attack vector:

- subscribe to some downstream reflector for a group,
  e.g. [EMAIL PROTECTED]

- purposely set your address to bounce

- [EMAIL PROTECTED] gets disabled, thus shutting off a large list of
  recipients.

Or will/should yahoogroups rewrite the envelope sender for /its/
downstream members?

-Barry

_______________________________________________
Mailman-Developers mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-developers
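
The bounce attribution asked about in the message above, as an added example that is not part of the original message and is not Mailman's code. It assumes a VERP envelope sender of the form list-bounces+mailbox=host@listhost; the addresses are constructed and the function names are hypothetical.

```python
import re

# Assumed VERP layout: <list>-bounces+<mailbox>=<host>@<listhost>
VERP_RE = re.compile(
    r"^(?P<list>[^+@]+)-bounces\+(?P<mailbox>[^=@]+)=(?P<host>[^@]+)@(?P<listhost>[^@]+)$"
)

def verp_encode(list_name, list_host, subscriber):
    """Build the per-recipient envelope sender for one subscriber."""
    mailbox, host = subscriber.rsplit("@", 1)
    return f"{list_name}-bounces+{mailbox}={host}@{list_host}"

def verp_decode(envelope_sender):
    """Recover the subscriber address from a VERP address, or None."""
    m = VERP_RE.match(envelope_sender)
    return f"{m['mailbox']}@{m['host']}" if m else None

def reflect(envelope_sender, reflector_bounce_addr, rewrite):
    """Envelope sender the reflector uses when re-sending to its own members."""
    return reflector_bounce_addr if rewrite else envelope_sender

def bounce_attribution(list_name, list_host, reflector_addr,
                       reflector_bounce_addr, rewrite):
    """Return (address the bounce goes to, member the upstream list blames)."""
    sender = verp_encode(list_name, list_host, reflector_addr)
    onward = reflect(sender, reflector_bounce_addr, rewrite)
    # A bouncing downstream member's MTA returns the bounce to the
    # envelope sender it saw on the reflected copy.
    bounce_rcpt = onward
    at_upstream = bounce_rcpt.endswith("@" + list_host)
    blamed = verp_decode(bounce_rcpt) if at_upstream else None
    return bounce_rcpt, blamed

if __name__ == "__main__":
    # Constructed sample addresses (not from the original message).
    args = ("biglist", "lists.example.org", "reflector@groups.example.net",
            "reflector-bounces@groups.example.net")
    for rewrite in (False, True):
        rcpt, blamed = bounce_attribution(*args, rewrite=rewrite)
        print(f"rewrite={rewrite}: bounce to {rcpt}, upstream blames {blamed}")
```

With the envelope sender passed through unchanged, the upstream list counts the bounce against the reflector's own subscription; when the reflector rewrites it, the bounce never reaches the upstream list.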
