On 23 Sep 96 at 2:51, Jason L Tibbitts III wrote:
> >>>>> "KB" == Kynn Bartlett <kynn @
> KB> Why would "passworded confirmation messages" necessarily be a
> good KB> thing, and how would they work?
> A request for subscription comes in. Instead of adding the address
> and sending a welcome message, a key is sent out that must be
> returned before the subscription becomes active.
> The advantages to this should be self-evident, but the main one is
> that it prevents forged and incorrect addresses from getting on your
> lists. --
Another way of thinking of this mechanism, since the term password
conjurers up all sorts of inappropriate concepts, is that MJ could
have an authenication and response system for subscriptions, and
perhaps other things as well, like config and info file changes.
Instead of directly processing the request, MJ would generate a
random, onetime authenication ticket (or cookie if you will) and
transmit this to the requestor's apparent (from) e-mail address. If
the address is bogus or invalid, the requestor will never see the
authentication challange and the subscription or whatever will fail
(or at least will never be processed).
To process the request, the original e-mail address must return the
authenication ticket. If the e-mail address and authentication
ticket combination fails to match an entry in the pending request
file then the response has no effect. Optionally an error or
warning message could be sent to the list-owner. If there is a
match then the request is processed normally by MJ and subsequent
info and warning messages are sent to the concerned parties as in
the current practice.
We use a varient of this mechanism (ours only recognizies requests
from a list of pre-defined e-mail addresses) for an in house web
page updater using e-mail. It works fairly well. It's written in
Perl5.003 as well.
James B. Byrne mailto:byrnejb @
Harte & Lyne Limited http://www.harte-lyne.ca
Hamilton, Ontario 905-561-1241