Bob Morse writes:

> The problem remains, however: How do I prevent spoofing? In this case they
> have a real fear due to a board member who is soon to be ejected from the
> board and have organizational membership taken away. They feel he is capable
> (both emotionally and technically) of major disturbances on one or more of
> about a dozen mailing lists the organization maintains.

Wouldn't moderating non-members and requiring admin approval for subscriptions be enough? Or is he capable of spoofing a member's From address?

If not, I've been there (the problem wasn't a board member, more like a stalker). However challenge/response wouldn't help anyway, because it's easy enough to set up an autoresponder for typical C/R systems. If not, and he's determined, he'll just do the C/R dance by hand.

What we ended up with was blacklisting the guy's known accounts, hosts, and IP addresses, which caught most of the shrapnel, and human moderation for about a month. He gave up after two weeks of zero success in several hundred attempts to subscribe or otherwise get past the filters.

Had he come back they were prepared to cross-check IP addresses from the Received headers against From addresses for the regular posters. Don't know if he would have been capable of getting around that (spoofing both From and Received is easy enough if you know what you're doing), fortunately we didn't have to go to those extremes.

Here's hoping you don't have to, either.

------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
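
The cross-check of Received-header IP addresses against regular posters' From addresses mentioned in the message above, sketched as an added example (not part of the original post and not Mailman code). The MX hostname, the per-poster baseline and the sample message are assumptions constructed for illustration.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Assumptions for this example: the MX hostname and the per-poster baseline.
TRUSTED_MX = "mx.lists.example.org"
KNOWN_NETS = {"alice@example.com": [ipaddress.ip_network("198.51.100.0/24")]}

_RECEIVED = re.compile(
    r"from\s.*?\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\].*?\bby\s+(?P<by>\S+)", re.S)

def handoff_ip(msg):
    """IP that our own MX recorded for the connecting peer, else None."""
    # Headers are prepended per hop, so scan top-down and stop at the first
    # line written by TRUSTED_MX; anything below it came from the sender's side.
    for hdr in msg.get_all("Received", []):
        m = _RECEIVED.search(hdr)
        if m and m.group("by").lower() == TRUSTED_MX:
            try:
                return ipaddress.ip_address(m.group("ip"))
            except ValueError:
                return None
    return None

def classify(raw):
    """Return 'accept', or 'hold' to queue the post for human moderation."""
    msg = email.message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    nets, ip = KNOWN_NETS.get(sender), handoff_ip(msg)
    if nets is None or ip is None:
        return "hold"  # unknown poster, or no hop we can trust
    return "accept" if any(ip in net for net in nets) else "hold"

# Constructed sample messages (documentation addresses, not real traffic).
GENUINE = """\
Received: from mail.example.com (mail.example.com [198.51.100.23])
 by mx.lists.example.org (Postfix) with ESMTP id 1A2B; Mon, 1 Jan 2024 10:00:00 +0000
From: Alice <alice@example.com>
Subject: minutes

body
"""
# Same From, but handed to our MX from an address outside Alice's baseline.
SPOOFED = GENUINE.replace("[198.51.100.23]", "[203.0.113.77]")

if __name__ == "__main__":
    print(classify(GENUINE), classify(SPOOFED))
```

A mismatch only sends the post to the moderation queue, since regular posters do change networks.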