[Mailman-Users] Challenge/Response
Karl Zander
kwz-mm at commpartners.com
Sat Feb 10 21:07:16 CET 2007
On Fri, 09 Feb 2007 15:54:59 -0800
Bob Morse <bob at morsemedia.net> wrote:
> Thank you all for your insights in the
>Challenge/Response question. I am
> convinced this is not the way to go. In fact, I used
>some of the same
> arguments to the client when he brought it up.
>
> The problem remains, however: How do I prevent spoofing?
>In this case they
> have a real fear due to a board member who is soon to be
>ejected from the
> board and have organizational membership taken away.
>They feel he is capable
> (both emotionally and technically) of major disturbances
>on one or more of
> about a dozen mailing lists the organization maintains.
>
> What makes this even more of a Œchallenge¹ is that the
>account is on a
> shared server.
We are dealing with a similar situation now. Some member,
or non-member, is spoofing the From: address of members to
post to the lists. We have full emergency moderation
turned on so all messages are reviewed before posting.
And at the MTA we have instituted various other checks
that help prevent messages from getting to Mailman. There
is no (easy) technology now that can prevent this. If the
person is inclined to make trouble, they will. If not
through the lists, then by some other means.
Fundamentally, its not a technology problem.
--Karl
More information about the Mailman-Users
mailing list