ietf-mxcomp

Re: onus on mailing lists

2004-03-18 16:25:35

Markus Stumpf wrote:
> On Thu, Mar 18, 2004 at 09:50:09AM -0500, Meng Weng Wong wrote:
>> Another problem is that because these headers are subject to forgery,
>> the spammer can forge
>>     List-Unsubscribe: <mailto:ietf-mxcomp-request@imc.org?body=unsubscribe>
>> which fools the MUA; putting that metadata into the SPF record moves
>> the announcement back into a space that's controlled by the purported
>> sender domain.  You only want to trust a List-Unsubscribe if the message
>> itself passes RMX/DMP/LMAP/MXCOMP/MARID tests.
>
> I don't think I can follow you here?
> Well-behaved MLMs use double-ACK for opt-in as well as opt-out.
> However I am aware that with this list I could probably unsubscribe all
> of you with a single batch job.
>
> IMHO the proposal should not make workarounds to try to fix security
> flaws in MLM software or their configuration.
>
> ezmlm e.g. shows (and I think at least majordomo can also do this) how you
> can use safe crypto cookies for confirmation of the subscribe and unsubscribe
> process. This can be securely done without any LMAP checking at all:
>    new@example.net requests unsubscribe for joe@example.com
>    MLM creates a unique secret with a token only known to the MLM and
>        sends it back to joe@example.com. It also has an upper limit on
>        duration of validity.
> Now the mailbox joe@example.com has a cookie that will only unsubscribe
> joe@example.com from one particular ML. You can even forward that cookie
> to your new account new@example.net and still use the cookie together
> with the address joe@example.com to unsubscribe joe@example.com (and
> none else).
>
> An LMAP check would IMHO even be counterproductive here.

You're thinking of checking the wrong message against LMAP criteria. It looks like you're thinking of validating the unsubscribe request, while Meng was talking about only trusting List-* headers in messages that have passed LMAP validation.

Philip Miller
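The two mechanisms argued about above, as an added example that is not code from this thread, from ezmlm or from majordomo: the first half is a time-limited confirmation cookie of the kind Markus describes, bound to one list, one action and one subscriber address by an HMAC (the layout, the per-list secret `MLM_SECRET`, the three-day lifetime and the example.org/example.com/example.net addresses are all assumptions of this example, not ezmlm's actual cookie format); the second half is the MUA-side rule Meng and Philip are talking about, acting on a List-Unsubscribe header only when the message has already passed sender validation. That second function goes one step beyond the thread: it also requires the mailto: target to sit in the validated sender's domain, since a spammer whose own domain validates could otherwise still aim the header at a third party's list. The sender-validation verdict is passed in as a string; the DNS lookup itself is not shown.

```python
import base64
import hashlib
import hmac
from email import message_from_string
from email.utils import parseaddr

# Hypothetical per-list secret (an assumption of this example); a real MLM
# reads it from the list's configuration and never mails it to anyone.
MLM_SECRET = b"example-only-secret-replace-me"


def _tag(secret, list_addr, action, subscriber, expires):
    """MAC over everything the cookie must be bound to: action, list, address, expiry."""
    data = "\0".join([action, list_addr.lower(), subscriber.lower(), str(expires)]).encode()
    return hmac.new(secret, data, hashlib.sha256).digest()[:16]


def make_cookie(secret, list_addr, action, subscriber, now, ttl=3 * 86400):
    """Mint the cookie the MLM mails to `subscriber` after someone requests `action`.

    Layout: 8-byte big-endian expiry || 16-byte truncated HMAC-SHA256, base64url.
    The subscriber address is not carried in the cookie; the verifier supplies
    it, so the cookie is useless for any other address even if forwarded.
    """
    expires = int(now) + ttl
    raw = expires.to_bytes(8, "big") + _tag(secret, list_addr, action, subscriber, expires)
    return base64.urlsafe_b64encode(raw).decode()


def verify_cookie(secret, list_addr, action, subscriber, cookie, now):
    """True only if `cookie` was minted for this (action, list, address) and is unexpired."""
    try:
        raw = base64.urlsafe_b64decode(cookie)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(raw) != 24:
        return False
    expires = int.from_bytes(raw[:8], "big")
    if int(now) > expires:
        return False
    expected = _tag(secret, list_addr, action, subscriber, expires)
    return hmac.compare_digest(raw[8:], expected)  # constant-time comparison


def trusted_unsubscribe_target(raw_message, sender_validation):
    """Return the mailto: address from List-Unsubscribe, or None if it must not be acted on.

    `sender_validation` is the verdict an SPF/LMAP-style check already produced
    for the envelope sender ("pass", "fail", "none", ...).  The mailto: domain
    must also equal the validated sender domain (this example's own addition).
    """
    if sender_validation != "pass":
        return None
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("Return-Path", ""))[1]
    if "@" not in sender:
        return None
    sender_domain = sender.rsplit("@", 1)[1].lower()
    for entry in msg.get("List-Unsubscribe", "").split(","):
        entry = entry.strip().strip("<>")
        if entry.lower().startswith("mailto:"):
            target = entry[len("mailto:"):].split("?", 1)[0]
            if target.rsplit("@", 1)[-1].lower() == sender_domain:
                return target
    return None


# Constructed sample messages (not captured mail).
LEGIT_MSG = (
    "Return-Path: <mxcomp-bounces@example.org>\n"
    "From: A List <mxcomp@example.org>\n"
    "List-Unsubscribe: <https://example.org/unsub>, "
    "<mailto:mxcomp-request@example.org?body=unsubscribe>\n"
    "Subject: legitimate list traffic\n"
    "\n"
    "Hello.\n"
)
# Meng's forgery: the sender's own domain may validate, but the header points
# at somebody else's list.
FORGED_MSG = (
    "Return-Path: <bounce@spammer.example>\n"
    "From: Spammer <bounce@spammer.example>\n"
    "List-Unsubscribe: <mailto:ietf-mxcomp-request@imc.org?body=unsubscribe>\n"
    "Subject: please leave this list\n"
    "\n"
    "Spam.\n"
)

if __name__ == "__main__":
    t0 = 1_700_000_000
    c = make_cookie(MLM_SECRET, "mxcomp@example.org", "unsubscribe", "joe@example.com", t0)
    print("joe, fresh:   ", verify_cookie(MLM_SECRET, "mxcomp@example.org", "unsubscribe", "joe@example.com", c, t0 + 60))
    print("new@, fresh:  ", verify_cookie(MLM_SECRET, "mxcomp@example.org", "unsubscribe", "new@example.net", c, t0 + 60))
    print("joe, expired: ", verify_cookie(MLM_SECRET, "mxcomp@example.org", "unsubscribe", "joe@example.com", c, t0 + 4 * 86400))
    print("legit/pass:   ", trusted_unsubscribe_target(LEGIT_MSG, "pass"))
    print("forged/pass:  ", trusted_unsubscribe_target(FORGED_MSG, "pass"))
```

Forwarding the cookie to new@example.net does not help the forwarder: `verify_cookie` only succeeds when the address presented with it is the one the cookie was minted for, and only for the list and action it was minted for, which is exactly the property Markus describes. The cookie check needs no sender validation at all; the header check is the separate, weaker decision of whether to act on a List-Unsubscribe in the first place.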

