09-10-2002, 06:35 PM
|
Postid: 73442
|
|
Visitor
Join Date: Aug 2002
Posts: 10
|
kind of stupid question, probably
i have been surfing the forum, giving myself a little bit of understanding about ezmlm, and there is one issue that had cropped up a few times in old posts--a security issue. while the posts are not very recent, i could not find any mention of a fix, so i wanted to know if it ever had been fixed. it simply regards the fact that a recipient of an announcement-only list could somehow (if i knew, i could try it myself and answer my own question, but i don't) send a message to everyone on the list himself, unless you changed the list-owner name shortly after sending your message out. i'm assuming what was being guarded against was slightly more complicated than someone hitting reply, which is all i knew to try.
long story short--do i need to perform the name-change maneuver each time, or is this old, solved news?
thanks,
andy
|
|
|
09-10-2002, 06:44 PM
|
Postid: 73443
|
|
Service Rep
Join Date: Dec 1999
Location: Jacksonville, Fl
Posts: 4,887
|
Hi Andy,
That particular problem still exists and ALL Announcement Only lists would be well advised to change the list owner address after sending each mailing for security reasons.
I change mine to really obscure addresses such as notme@nodomain.here.pdf and then right before sending a new list message change it to a valid email address and then immediately afterwards change it to something else again.
-Bob
- The only stupid...... is the one not..... and that's the Truth  -
|
|
|
09-10-2002, 06:50 PM
|
Postid: 73444
|
|
Visitor
Join Date: Aug 2002
Posts: 10
|
oh...thanks, bob. i guess by stupid, i was referring to the fact that i didn't know how to attempt the breach myself. not that i'm asking! 
|
|
|
09-10-2002, 07:03 PM
|
Postid: 73445
|
|
Site Owner
Join Date: Jan 1999
Location: People's Republic of Canada
Posts: 627
|
Is there any kind of solution in the works, or even possible? I've set up announcement mailing lists for clients and it's impractical to change the list-owner address every time there's a mailout. They don't have CNC access, for one thing. When they wanted to send a mailing they'd have to notify me, I'd change . . . etc etc, you get the picture.
|
|
|
09-10-2002, 08:29 PM
|
Postid: 73450
|
|
Service Rep
Join Date: Dec 1999
Location: Jacksonville, Fl
Posts: 4,887
|
Quote:
Originally posted by Binky:
Is there any kind of solution in the works, or even possible?
|
The solution, at this point, appears to be ezMLM/IDX which FutureQuest has definitely looked at..thought about..considered...
However as with many major upgrades, which ezMLM/IDX would qualify as, there are many aspects, including but not limited to, CNC integration, possible compatibility issues with older ezMLM lists, offering both side by side... the list goes on.
This has been a desired upgrade that FutureQuest has been looking at, however as with everything in life today we must prioritize the functions in somewhat the following fashion:
- Security oriented
- Have more impact on Quality of Life More on this soon !
- Fit in with the current flow of enhancements
- Staff Allocation
IOW... this is something that FutureQuest is looking to move towards however it will have to wait its turn
Disclaimer: FutureQuest may determine that an enhanced mailing list solution other than ezMLM/IDX would be more appropriate at some future date and this post in no way guarantees that the ultimate solution will be ezMLM/IDX
-Bob
- Just gotta love the disclaimers  -
|
|
|
09-12-2002, 07:12 PM
|
Postid: 73577
|
|
Visitor
Join Date: Aug 2002
Posts: 10
|
correct me if i'm wrong, but...
as long as you are sending messages from cnc, the list owner address does not even need to be a real address, does it? you could just leave it as is (if fake) forever, assuming you used cnc to send the messages. i tried this, it sent out messages, and i'm assuming this prevents someone else from sending messages. correct? (i realize not everyone wants to send out from cnc, but i personally don't mind.)
thanks again,
andy
|
|
|
09-12-2002, 07:23 PM
|
Postid: 73580
|
|
Service Rep
Join Date: Dec 1999
Location: Jacksonville, Fl
Posts: 4,887
|
Hi again Andy,
The general problem with that approach is that the CNC sent mailing list will show the Owner's email address as the From: address. Once that is known then anyone can simply change their From: email address to match and then send an email to the list.
Changing the Owner's email address either before and after or at least after is still required to be safer.
Hope this helps clarify further,
Bob
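
Added example, not part of the thread and not ezmlm's own code: a simplified model of a posting gate that trusts only the From: header, as described in the post above, next to a gate that also requires a keyed tag the owner alone can compute. The addresses, the secret, the `X-Post-Auth` header name and all function names are assumptions made for illustration; the sample messages are constructed.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import parseaddr

OWNER = "owner@lists.example"         # constructed list-owner address
SECRET = b"constructed-demo-secret"   # hypothetical key known only to the owner

def sender_of(msg):
    # The From: header is supplied by whoever wrote the message.
    return parseaddr(msg.get("From", ""))[1].lower()

def from_only_gate(raw):
    """Model of the weak check: post is allowed if From: equals the owner."""
    return sender_of(message_from_string(raw)) == OWNER

def tag_for(body):
    """HMAC-SHA256 of the body under the owner's secret."""
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def keyed_gate(raw):
    """From: must match AND X-Post-Auth must be a valid tag for this body."""
    msg = message_from_string(raw)
    if sender_of(msg) != OWNER:
        return False
    supplied = str(msg.get("X-Post-Auth", "")).encode("utf-8", "replace")
    expected = tag_for(msg.get_payload()).encode()
    return hmac.compare_digest(supplied, expected)

def build(sender, body, tag=None):
    """Assemble a minimal constructed message for the demo."""
    headers = ["From: " + sender, "To: announce@lists.example", "Subject: update"]
    if tag:
        headers.append("X-Post-Auth: " + tag)
    return "\n".join(headers) + "\n\n" + body

def demo():
    body = "Sale starts Monday."
    genuine = build(OWNER, body, tag_for(body))
    # Same From: as the owner, but written by someone without the secret.
    lookalike = build(OWNER, "Unrelated message.")
    # A tag copied from a genuine mailing does not fit a different body.
    copied_tag = build(OWNER, "Unrelated message.", tag_for(body))
    return {
        "from_only": [from_only_gate(m) for m in (genuine, lookalike, copied_tag)],
        "keyed": [keyed_gate(m) for m in (genuine, lookalike, copied_tag)],
    }

if __name__ == "__main__":
    print(demo())
```

The tag here covers only the body, so an identical copy of a genuine mailing would still verify; a real design would also bind a date or counter into the tag.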
|
|
|
09-12-2002, 07:32 PM
|
Postid: 73582
|
|
Visitor
Join Date: Aug 2002
Posts: 10
|
i hate to push the issue, but just to be sure, this is true even if the from: address is an impossible address? ("bob@bob.bob")
|
|
|
09-12-2002, 07:36 PM
|
Postid: 73583
|
|
Service Rep
Join Date: Dec 1999
Location: Jacksonville, Fl
Posts: 4,887
|
Hi again Andy,
Would this qualify:
Bob@some.Future.Quest.tld cause that is what I set the list owner to. I then set my email client to show that email address as the From: address and sent a message to the test list.
It was received in very short order. I always invite everyone to test for themselves as you can set up as many mailing lists as you want so setting up special lists just for testing is a great idea.
-Bob
|
|
|
09-12-2002, 07:54 PM
|
Postid: 73586
|
|
Visitor
Join Date: Aug 2002
Posts: 10
|
thanks, bob (at bob.bob). believe it or not, i don't know how to change my from address in my email client, thus did not test it myself.
thanks again,
andy
|
|
|
All times are GMT -4.