[Mailman-Users] How hard is it to spoof an email?
Mark Sapiro
msapiro at value.net
Mon Jan 30 00:09:35 CET 2006
Jim Popovitch wrote:
>
>> You say I should not have my admin email as a list member. By that you mean
>> "listname at domain.com" which is the default address as the admin?
>
>Your admin email would be listname-admin at domain.com. That address
>doesn't belong in the subscribers list, nor does listname at domain.com.
To clarify:
The address listname-admin at domain.com doesn't go to a human in Mailman
2.1.x. It is a synonym for listname-bounces at domain.com. The generic
address to reach the owners (admins/moderators) is
listname-owner at domain.com.
I don't think Jim was saying that address (listname-owner at domain.com)
should not be a list member. It shouldn't, but I think what Jim was
saying is that the actual admin/owner email address(es) - i.e. the
ones that appear on the bottom of the listinfo page as
XYZ list run by jdoe at example.com
should not be list members (or at least not unmoderated members)
because otherwise you are advertising an address that can be spoofed
to post to the list.
--
Mark Sapiro <msapiro at value.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list