Alejandro Riera <ari...@gmail.com> wrote: > "Lin Jen-Shin (godfat)" <god...@godfat.org> wrote: > > I guess I am too lazy/busy to dig into this, so an SMTP would be great > > for me. I am also ok to be listed as a public subscriber. > > Same here, SMTP sounds great :)
Copying discussion to the m...@public-inbox.org list... Thanks all for your response. I'll set up something on the ssoma side which replays messages to subscribers. This will make it easy to fork/migrate subscription lists to different servers. I'll probably use VERP[1] to handle bounces. However, most of the normal bounce processing mechanisms (including VERP) seems to leave users open to malicious unsubscribes. In other words, an attacker may fake bounce messages to take users off a list (VERP or not). The reference documentation for VERP just makes faking bounces trivially easy. So I think we need to make the bounce address unguessable by the attacker. Perhaps using something like Crypt-VERPString[2] is necessary? Keep in mind somebody sniffing your plain-text SMTP traffic will (and will always) be able to extract the bounce address; so this only increases the difficulty level to do a malicious unsubscribe. The secret key should be able to change when migrating between servers (or if compromised) without being a big problem, as most bounces occur hours/days within delivery time; not months/years afterwards. [1] http://cr.yp.to/proto/verp.txt [2] http://search.cpan.org/dist/Crypt-VERPString __ http://bogomips.org/unicorn-public/ - unicorn-pub...@bogomips.org please quote as little as necessary when replying