Re: mailing a copy of a message from an archive

2002-10-01 11:46:02
On September 30, 2002 at 23:00, mhonarc(_at_)interlinx(_dot_)bc(_dot_)ca wrote:

The <> archives (and any that
use mharc) have an Original link that downloads the original raw message.

Hmmmm.  An interesting approach could be to configure one's browser to
fire up the MUA (or open a window on an already running MUA) and open
the downloaded content when downloading something of content type
"message/rfc822".  Of course, the webserver sending the message would
have to send it with the appropriate mime-type.

I've actually played with sending message/rfc822, and many modern
browsers can actually render the message (minus attachments).  However,
this open things up for XSS attacks.  Hence, I always send text/plain
as the type.

I like your idea, but unfortunately, I do not see a way to prevent
if from being abused.

Two different ways, or a combination of them if one wished.  One would
be to rate limit the number of messages a given IP in a given time
window can have bounced.  Not fool-proof by any means.

Requires extra work.  I thought of this, but I believe the costs in
implementation out-weight any benefits.

The second is to limit bouncing messages to list-subscribed addresses
only.  This one is fool-proof (well as fool-proof as DoS-preventing
any mailing list in the first place) but requires more hoops to simply
get a message to respond to.

It still allows someone to mail bomb subscribers.


To sign-off this list, send email to majordomo(_at_)mhonarc(_dot_)org with the

<Prev in Thread] Current Thread [Next in Thread>
  • Re: mailing a copy of a message from an archive, Earl Hood <=