On Thu, Mar 18, 2004 at 06:01:17PM -0500, Philip Miller wrote:
> You're thinking of checking the wrong message against LMAP criteria. It
> looks like you're thinking of validating the unsubscribe request, while
> Meng was talking about only trusting List-* headers in messages that have
> passed LMAP validation.
Why? With double-ACK it is absolutely irrelevant, either of those.

If this message would fake List-Unsubscribe for the ietf-asrg list,
and I would hit unsubscribe, so what? I'd get a message from ietf-asrg
to confirm the unsubscribe, and I would think "just a second, what?"
and I would of course not send the ACK.

If the list admin set up the list for unsubscribe without ACK it
doesn't make a difference either, as I can probably right now unsubscribe
all those who sent a message to this list from the list (it's just a grep
in my mailbox and 3 lines of shell).

So checking List-* against LMAP is not how to make mailing lists more
secure and protect them from evil sent unsubscribes.

And it should definitely not be done by an MTA. If someone wants, he can
even check Message-Ids against LMAP at user level ;-)

\Maex
--
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"
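
Added example, not part of the original message and not code from any list manager: a minimal model of the double-ACK unsubscribe discussed above, showing that an unconfirmed (possibly forged) request leaves the subscription in place. The class name, addresses and token format are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class ConfirmedUnsubscribe:
    """Toy list manager: unsubscribing needs a token mailed to the subscriber."""

    def __init__(self, subscribers):
        self.subscribers = set(subscribers)
        self._key = secrets.token_bytes(32)   # server-side secret
        self._pending = {}                    # address -> nonce of open request
        self.outbox = []                      # (recipient, token) "sent" mail

    def _token(self, address, nonce):
        mac = hmac.new(self._key, f"{address}|{nonce}".encode(), hashlib.sha256)
        return f"{nonce}.{mac.hexdigest()}"

    def request_unsubscribe(self, claimed_sender):
        """Step 1: anyone can trigger this; the sender address may be forged."""
        if claimed_sender not in self.subscribers:
            return False
        nonce = secrets.token_hex(8)
        self._pending[claimed_sender] = nonce
        # The challenge goes to the subscribed address, never to the requester.
        self.outbox.append((claimed_sender, self._token(claimed_sender, nonce)))
        return True

    def confirm(self, address, token):
        """Step 2: the ACK. Only a valid, unused token removes the address."""
        nonce = self._pending.get(address)
        if nonce is None or not hmac.compare_digest(
                token.encode(), self._token(address, nonce).encode()):
            return False
        del self._pending[address]
        self.subscribers.discard(address)
        return True


def demo():
    # Constructed sample addresses.
    lst = ConfirmedUnsubscribe({"alice@example.org", "bob@example.org"})
    lst.request_unsubscribe("alice@example.org")       # request Alice never sent
    forged_ack = lst.confirm("alice@example.org", "deadbeef.0000")
    still_subscribed = "alice@example.org" in lst.subscribers
    lst.request_unsubscribe("bob@example.org")         # genuine request
    _, token = lst.outbox[-1]                          # Bob reads his own mail
    genuine_ack = lst.confirm("bob@example.org", token)
    return forged_ack, still_subscribed, genuine_ack, sorted(lst.subscribers)
```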