[ On Tue, August 26, 1997 at 16:59:26 (+0100), Manar Hussain wrote: ]
> Subject: Re: Stopping SPAM to the exim users list
>
> BTW - exploders are not just to allow a local admin person to put people on
> and off the list: if that's all that is desired any admin type person
> capable of running an exploder can fake an email to subscribe the user
> instead.
Indeed -- they're usually there to either concentrate traffic or in fact
to hide the true end subscriber identity.
> BTW2 - this problem actually happen more often for people posting with
> addresses other than the one with which they are subscribed. E.G. trying to
> post with a from line of woods@??? when you are subscribed as
> woods@??? or even wibble@??? when subscribed as
> wibble@??? as it were ...
Yup. That particular example has happened to me several times because
different mail-list admin software loos at different headers to
determine the subscriber's address. They *should* look at the Reply-To,
but they often don't and they sometimes allow the user to specify the
address in the subscription command and we all know what users are like...
The other problem that will grow dramatically is that people will often
post from different places depending on what they happen to be doing at
the moment. I.e. they'll be using different mail relay gateways whether
they be at the office, at home, on the road, driving in their car, etc.
The envelope sender address will be (or already is) useless for
verifying the subscriber status.
--
Greg A. Woods
+1 416 443-1734 VE3TCP <gwoods@???> <robohack!woods>
Planix, Inc. <woods@???>; Secrets of the Weird <woods@???>
