[Mailman-Developers] Yet another weird-a$$ potential attack problem...
Dale Newfield
Dale@Newfield.org
Fri, 5 Apr 2002 00:37:23 -0500 (EST)
On Fri, 5 Apr 2002, Barry A. Warsaw wrote:
> We can protect dumb replybots by making it less convenient for our
> users, essentially by forcing them to perform an action that is unlikely
> (though not impossible, Mr. Turing), to be doable by anything other than
> a human.
What if we make the required response not responding to the message, but
rather following either an http link to a webpage with a "Yes" button, or
following a mailto link that specifies the special reply token in the thus
composed email message?
So instead of sending the token in the Subject: line of the message,
it's sent in the subject line in a mailto link.
(like so: <mailto:mylist-admin@list.host?subject=TOKEN>)
I still use pine, and even it is able to "do the right thing"(tm) with
that...
-Dale
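
The mailto variant proposed in this message, as an added Python sketch (not part of the original post and not Mailman's code): the token appears only inside the mailto link, so an auto-responder's "Re:" reply never carries it in Subject:. The function names, the subscriber address and the reply-bot stand-in are constructed for illustration; the confirmation address is the one from the post's example link.

```python
import hmac
import secrets
from email.message import EmailMessage
from urllib.parse import quote

CONFIRM_ADDR = "mylist-admin@list.host"  # address from the post's mailto example


def new_token():
    """Unguessable per-request confirmation token (32 hex characters)."""
    return secrets.token_hex(16)


def build_confirmation(subscriber, token):
    """Confirmation request whose Subject: does NOT contain the token."""
    msg = EmailMessage()
    msg["From"], msg["To"] = CONFIRM_ADDR, subscriber
    msg["Subject"] = "Please confirm your subscription request"
    link = "mailto:%s?subject=%s" % (CONFIRM_ADDR, quote(token, safe=""))
    msg.set_content("To confirm, follow this link and send the message:\n\n<%s>\n" % link)
    return msg


def is_confirmation(reply, token):
    """Accept only a message whose Subject: is exactly the token.

    The body is ignored on purpose: a reply-bot that quotes the request
    would echo the link (and so the token) there.
    """
    subject = (reply["Subject"] or "").strip()
    return hmac.compare_digest(subject.encode(), token.encode())


def replybot_reply(request):
    """Constructed stand-in for a dumb auto-responder: 'Re:' subject, quoted body."""
    reply = EmailMessage()
    reply["From"], reply["To"] = request["To"], request["From"]
    reply["Subject"] = "Re: " + request["Subject"]
    quoted = "> " + request.get_content().replace("\n", "\n> ")
    reply.set_content("I am out of the office.\n\n" + quoted)
    return reply


def mailto_reply(subscriber, token):
    """Constructed message as a mail client composes it from the mailto link."""
    reply = EmailMessage()
    reply["From"], reply["To"] = subscriber, CONFIRM_ADDR
    reply["Subject"] = token
    return reply
```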