At 02:56 PM 3/28/2002, Bill Cole wrote: >At 5:15 PM -0500 3/28/02, Stefan Jeglinski imposed structure on a stream >of electrons, yielding: >>>A day does not pass when I don't get spam that has come through an >>>unsecured formmail. >> >>How do you know? I'm curious to look through my headers for instances. > >It's not a header thing, it's a body thing. they all have similar wrappers >around the payload. Here's the top few lines of one from last night: <snip>
This has been a fascinating thread. I have just handed off web/email for one organization to the new people so it does not directly impact me. It does make me glad I used my own AppleScript CGI to process the mail form I needed. Using SIMS it was easiest to drop the mail into the incoming folder so I did not have to do much more than a file write. But I could not figure out how to make a general purpose form mail cgi that would be secure. So I punted: I had a hard coded list of legal destination addresses on the server. Any attempt to send to an address other than a legal one was blocked. And the legal addresses all pointed to closed mail lists. Any attempt by a non-member to send to these lists was blocked. To the best of my knowledge no unauthorized mail made it through that system. The new webmasters are setting things up on a Sun Unix system so my AppleScript/SIMS/AutoShare setup was not portable for them... ############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
