Harold Fuchs wrote:
Sorry to be pedantic but this is exactly where the confusion lay in my
mind. You have now clarified it by saying the victim can *either*
- masquerade as the attacker by setting up a "fake" (mimic?) e-mail
account using the attacker's e-mail address *or*
- use the "=" form of the ezmlm unsubscribe request.
Do *both* of those work? Nobody before has clearly stated that; previous
commentators left that hanging which I why I asked.
<snip>
(*) by (1) changing your email client to use the attacker's address as
the sender address; (2) telnetting into your favourite SMTP server and
providing the necessary sender address; (3) using the "=" form of the
OOo list unsub address as noted in the help {I can /never/ remember
the exact form, so won't try to guess!!!}
Yes, they'll both work. But the easiest way, both to do and explain
would be to use the "=" form:
[EMAIL PROTECTED]
simply substituting "=" for the "@" in your email address (without quotes).
The other way is what spammers use, and might get caught in spam filters
if certain headers don't match.
Roy
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
