On September 30, 2002 at 23:00, [EMAIL PROTECTED] wrote: > > The <http://www.mhonarc.org/archive/html/> archives (and any that > > use mharc) have an Original link that downloads the original raw message. > > Hmmmm. An interesting approach could be to configure one's browser to > fire up the MUA (or open a window on an already running MUA) and open > the downloaded content when downloading something of content type > "message/rfc822". Of course, the webserver sending the message would > have to send it with the appropriate mime-type.
I've actually played with sending message/rfc822, and many modern browsers can actually render the message (minus attachments). However, this open things up for XSS attacks. Hence, I always send text/plain as the type. > > I like your idea, but unfortunately, I do not see a way to prevent > > if from being abused. > > Two different ways, or a combination of them if one wished. One would > be to rate limit the number of messages a given IP in a given time > window can have bounced. Not fool-proof by any means. Requires extra work. I thought of this, but I believe the costs in implementation out-weight any benefits. > The second is to limit bouncing messages to list-subscribed addresses > only. This one is fool-proof (well as fool-proof as DoS-preventing > any mailing list in the first place) but requires more hoops to simply > get a message to respond to. It still allows someone to mail bomb subscribers. --ewh --------------------------------------------------------------------- To sign-off this list, send email to [EMAIL PROTECTED] with the message text UNSUBSCRIBE MHONARC-USERS
