is the accept list easy to bypass?
Hi, I plan to use smartlist for a announcements only list, where only a person will be able to post to the list. From the manual, I uncomment force_submit, delink the accept file and put in it the authorized email address for posting. I wonder if this method is not too easy to bypass by a malicious subscriber. It seems enough to configure any email program with the posting address to spam the list (and I'd say this address is sent in the headers). Am I wrong? If not, what can be done to avoid this without making the list moderated? TIA, Llorenc Sole Maresme Netcom, S.L.
At 3:31 PM -0400 9/4/01, Llorenc Sole is rumored to have typed:
Am I wrong? If not, what can be done to avoid this without making the list moderated?
Er...might you want to tell me what's wrong with making the list moderated, using the password scheme already built into SmartList to avoid anyone bypassing the admittedly-light security of delinking the accept/dist? I honestly don't understand why people become so frightened of moderated lists and determined not to use them when they are the perfect solution to this problem...we have a few one-way or broadcast lists on our server, and moderating the lists works just fine to allow those who are supposed to post with easy access, while preventing others who are not. Charlie (who added his own password routines to the Subject:, back in the days before there was a $moderator_PASSWORD var built into SmartList)
participants (2)
-
Charlie Summers -
Llorenc Sole