> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Monday, May 29, 2006 7:25 AM > To: sqlite-users@sqlite.org > Subject: Re: [sqlite] Purging the mailing list roles. Was: > Please Restore Your Account Access > > Such a system is already in place. Please recall when you > signed up that you got a confirmation message that you had > to reply to before you were added to the mailing list. > > And yet somehow, the spammer still managed to get signed up > using a "paypal.com" address. How did they do that?
If the validation utility validates on the From header (faked addr) and replies honoring the "ReplyTo" header (real addr), then that'd be one way to skim through.
