Great Circle Associates List-Managers
(September 1996)


Subject: Re: bogus subscriptions - lists on lists
From: "James B. Byrne" <byrnejb @ harte-lyne . ca>
Organization: Harte & Lyne Limited
Date: Mon, 23 Sep 1996 11:24:44 +4
To: Jason L Tibbitts III <tibbs @ hpc . uh . edu>, list-managers @ GreatCircle . COM, kynn @ idyllmtn . com
Comments: Authenticated sender is <byrnejb @ mail . halisp . net>
Reply-to: byrnejb @ harte-lyne . ca

On 23 Sep 96 at 2:51, Jason L Tibbitts III wrote:

> >>>>> "KB" == Kynn Bartlett <kynn @ idyllmtn . com> writes:
> KB> Why would "passworded confirmation messages" necessarily be a good
> KB> thing, and how would they work?
> A request for subscription comes in.  Instead of adding the address
> and sending a welcome message, a key is sent out that must be
> returned before the subscription becomes active.
> The advantages to this should be self-evident, but the main one is
> that it prevents forged and incorrect addresses from getting on your
> lists. -- 

Another way of thinking of this mechanism, since the term password
conjures up all sorts of inappropriate concepts, is that MJ could
have an authentication and response system for subscriptions, and
perhaps other things as well, like config and info file changes.

Instead of directly processing the request, MJ would generate a
random, one-time authentication ticket (or cookie if you will) and
transmit this to the requestor's apparent (from) e-mail address.  If
the address is bogus or invalid, the requestor will never see the
authentication challenge and the subscription or whatever will fail
(or at least will never be processed).

To process the request, the original e-mail address must return the
authentication ticket.  If the e-mail address and authentication
ticket combination fails to match an entry in the pending request
file then the response has no effect.  Optionally an error or
warning message could be sent to the list-owner.  If there is a
match then the request is processed normally by MJ and subsequent
info and warning messages are sent to the concerned parties as in
the current practice.

We use a variant of this mechanism (ours only recognizes requests
from a list of pre-defined e-mail addresses) for an in-house web
page updater using e-mail.  It works fairly well.  It's written in
Perl5.003 as well.


James B. Byrne                 mailto:byrnejb @ harte-lyne .
Harte & Lyne Limited 
Hamilton, Ontario              905-561-1241
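
The ticket-and-response flow described in the message above, as an added Python sketch; it is not part of the original message and is not Majordomo code. The names `PendingRequests` and `TICKET_TTL`, the expiry, and storing only a hash of each ticket are assumptions that go beyond what the message specifies.

```python
import hashlib
import secrets
import time

TICKET_TTL = 3 * 24 * 3600  # assumed: pending requests lapse after three days


class PendingRequests:
    """In-memory stand-in for the pending request file (hypothetical name)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # (address, sha256 of ticket) -> (command, expiry)

    @staticmethod
    def _key(address, ticket):
        # Keep only a hash of the ticket, so a copy of the pending file does
        # not hand out tickets that are still valid (an added assumption).
        digest = hashlib.sha256(ticket.encode()).hexdigest()
        return (address.strip().lower(), digest)

    def challenge(self, address, command):
        """Hold `command` and return the ticket to mail to `address`."""
        ticket = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
        expiry = self._clock() + TICKET_TTL
        self._pending[self._key(address, ticket)] = (command, expiry)
        return ticket

    def confirm(self, address, ticket):
        """Return the held command, or None when the reply has no effect."""
        # pop() makes the ticket one-time: a replayed reply finds nothing.
        entry = self._pending.pop(self._key(address, ticket), None)
        if entry is None:
            return None  # address and ticket do not match a pending entry
        command, expiry = entry
        return command if self._clock() <= expiry else None


if __name__ == "__main__":
    store = PendingRequests()
    # Constructed sample: the ticket goes only to the claimed From address.
    ticket = store.challenge("new-member@example.org", "subscribe test-list")
    print(store.confirm("someone-else@example.org", ticket))  # None
    print(store.confirm("new-member@example.org", ticket))    # subscribe test-list
    print(store.confirm("new-member@example.org", ticket))    # None
```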
