At 10:08 AM +0100 4/1/97, Morna Findlay wrote:
>Can I ask if any list managers on this list have been plagued by
>indivuduals who maliciously join innocent users to their lists?
>What's the best way to avoid this - making users confirm their subscriptions?
That helps; we use the "+confirm" subscription policy feature in the
current version of Majordomo to do that. The latest thing we're seeing,
though, is forged "info" and "intro" requests (i.e., "tell me about this
list"), which are not confirmed. They're only good for a single message to
the victim, but that's still a lot of email...
We've had some success using a front-end filter for Majordomo that blocks
incoming requess containing certain known-problem domains in the
"Received:" lines. Unfortunately, the code I'm using for this is something
I slapped together in a hurry, and has a bunch of deficiencies, so I'm not
willing to release it. Future versions of Majordomo should have something
like this built in, though.
Brent Chapman Internet/intranet training and consulting,
COM specializing in network design and security.
Great Circle Associates,Inc. Visit us at http://www.greatcircle.com/