Crossfire Mailing List Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [CF:1340] Problems with mailing list



On Thu, Jun 22, 2000 at 02:02:24PM -0500, Bob Tanner wrote:
> Reply-To can be forged, so this 'silly' software sends email to whatever
> address you subscribed to the mailing list.

Well, the last time I had to deal with such mailing lists
(unsubscribing after my From: had changed from user@domain.de to
user@host.domain.de) I just forged the From: header.  This isn't even
security by obscurity, because it's not obscure - it's obvious that you
only need to supply a properly forged From: header to bypass such silly
checks.

There are already solutions used that really solve the problem:
Sending a confirmation email or requiring a password.

-- 
Jan