[Mailman-Developers] MTA load, custom messages, bounces
Peter W
mailman-developers@python.org
Fri, 7 Dec 2001 23:23:02 -0500
On Fri, Dec 07, 2001 at 06:40:15PM -0800, Peter C. Norton wrote:
> On Fri, Dec 07, 2001 at 02:36:39PM -0500, Peter W wrote:
> > How robust is the bounce detection? Even with VERP and/or good MTAs,
> > is there enough smarts in the system to prevent a black hat from connecting
> > to the MTA on the mailman server and using fake bounce messages to
> > knock someone off a list without their knowledge?
>
> You can avoid this by sending a test message to them and using a cookie
> in the envelope-from that is a hash of a saved secret value that you can
> compare to on the bounce.
Right. That's what I'm suggesting, that maybe such a cookie plan should be
implemented. I like my idea of the cookie being a hash of both the
recipient address and something like a time value, so that "replay"
attacks are less feasible. You shouldn't be able to pick up a disk drive
that Barry W discarded a year earlier and get a cookie that still lets you
unsubscribe him from this list. :-)
> If you get a bounce to the address that has the
> proper hash, then you can pretty safely disable them (unless their
> postmaster is out to get them. But you can't save them from that).
Or if someone gets to their saved messages, right.
> If you
> don't get the message bounced back then that email address isn't really (or
> at least always) bouncing.
Exactly. Sounds like we're in basic agreement about the potential value of
a cookie-laden envelope?
-Peter
--
I am what I am 'cause I ain't what I used to be. - S Bruton & J Fleming
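
The cookie scheme discussed in this message, sketched as an added example; it is not code from the original post or from Mailman. It uses an HMAC over the list name, recipient address and issue time instead of a bare hash, and the address layout, function names and MAX_AGE window are assumptions made for illustration.

```python
import hashlib
import hmac
import time

MAX_AGE = 7 * 24 * 3600  # assumed validity window for a probe cookie, in seconds


def _tag(secret: bytes, list_name: str, recipient: str, ts: int) -> str:
    # The MAC covers list, recipient and issue time, so a cookie cannot be
    # moved to another subscriber or list, or reused with a different timestamp.
    msg = f"{list_name}\n{recipient.lower()}\n{ts}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:20]


def make_probe_sender(secret, list_name, domain, recipient, now=None):
    """Build the envelope-from for a probe sent to `recipient` (hypothetical layout)."""
    ts = int(time.time() if now is None else now)
    user, _, host = recipient.rpartition("@")
    tag = _tag(secret, list_name, recipient, ts)
    return f"{list_name}-bounces+{ts:x}.{tag}.{user}={host}@{domain}"


def verify_bounce(secret, list_name, bounce_rcpt, now=None):
    """Return the subscriber address if the cookie is valid and fresh, else None."""
    now = int(time.time() if now is None else now)
    try:
        local, _ = bounce_rcpt.rsplit("@", 1)
        prefix, rest = local.split("+", 1)
        ts_hex, tag, verp = rest.split(".", 2)
        ts = int(ts_hex, 16)
    except ValueError:
        return None  # no cookie present, or not in the expected layout
    user, sep, host = verp.rpartition("=")
    if prefix != f"{list_name}-bounces" or not sep or not user:
        return None
    recipient = f"{user}@{host}"
    expected = _tag(secret, list_name, recipient, ts)
    # Constant-time comparison, so the check does not leak how much of a guess matched.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    # The time value bounds replay: an old cookie stops working after MAX_AGE.
    if not 0 <= now - ts <= MAX_AGE:
        return None
    return recipient.lower()
```

A bounce is acted on only when verify_bounce returns an address; a bounce arriving without a valid cookie is treated as unauthenticated.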