Barbara Duprey wrote: > James Knott wrote: >>> >> You may have more than email account, buy normally only use one SMTP >> server. This means you can send any email from address, through that >> one SMTP server. I have done this, when sending mail on my personal >> account, from my work computer. Unfortunately it also means you can >> impersonate someone else. In our example, impersonation would be >> necessary, in order to get the subscription ended. >> > Actually, the impersonation is probably not required for OOo, because > apparently the goodbye message (if received) can be responded to > without regard to the account; it contains a "magic cookie" that is > what the list manager cares about. But it does apparently seem to be > necessary for the attacker to be forwarding the traffic, and not > filtering the goodbye message. Isn't it necessary to impersonate the address that the mail is originally sent to, in order to request unsubscribe? Otherwise, we're back to the situation where anybody could unsubscribe anyone.
-- Use OpenOffice.org <http://www.openoffice.org> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
