On Sun, Sep 02, 2001 at 06:49:43PM -0500, higgins@peg.com wrote:
and 44 unsubscribed messages. With confirm, it would be possible for someone to have us do their dirty work and drop 4400 did you want to be subscribed messages into their mailbox. In other words, confirm aggravates the situation.
If someone want's to harass people this complicated way it would be much easier to use any of the numerous autoreply forms on web sites. In contrary to the confirm mechanismn from many other lists SmartList's confirm always appends the full header of the sucription request to the confirm request. This doesn't mean that an attacker cannot hide the message flow but it makes it more difficult.
Check a reject list before sending.
The reject list is not checked prior to confirm's operation. Hence, it's possible to harass someone using the subscription mechanism.
That's simply not true. The reject file is checked before confirm is called. Please look at the source (rc.request) before spreading such claims. Werner