Jp Possenti wrote:
> How hard would it be for someone to maliciously start sending all the users
> in my list emails or start deleting people from it by sending bounce errors

It's not hard at all. In fact it's quite easy. This is because the raw archive data is available to the public. See this FAQ:
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq04.066.htp

> or by spoofing the admin email and start emailing everyone on the list?

That's not hard at all either, although you probably shouldn't have your admin email as a list member. Of course, the spammer could just use any of your subscribers' email addresses, including the valid ones that haven't posted in 4 years (*cough*, *cough*). See the recent "Verifying posts" thread.

> Is this a common problem, or is mailman secure about it? What are some ways
> to help avoid any problems?

Use an MTA that supports DKIM and/or SPF. These standards help to verify who the sender is. So if [EMAIL PROTECTED] posts to your list, SPF will verify that the email came from an approved aol.com server, not something like 24.16.8.101-home.dsl.cox.net. DKIM takes it a step further and adds an encrypted email header "key" that is carried with the email during its entire journey through multiple servers. This key enables every "hop" to validate the email, whereas SPF is just point-to-point validation based on email header info (which can very easily be modified in transit).

> Please explain carefully and with plenty of details as I am still figuring
> things out.

Heck, that should be SOP for everyone. ;-)

-Jim P.
------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users