
Re: [Explanation] Re: "STOP SENDING ME THIS SHIT"



Patrick May <[email protected]> writes:
>      I run a small mailing list that has been subject to problems
> similar to the recent spate of "unscrives".  Apparently there is a
> list of mailing lists circulating the warez boards along with scripts
> for spoofing subscription requests.  ...
>
>      Crypto relevance:  This attack will be eliminated when more mail
> agents support public key crypto and the mailing list software can be
> modified to check signatures on subscription requests.

Eric Thomas's LISTSERV has had a feature for 4 or 5 years that prevents
spoofed subscription requests. The list owner can configure the mailing
list so that whenever a subscription request is received, LISTSERV
e-mails the apparent sender and asks to e-mail it 'OK nnnn', where 'nnnn'
is a pseudo-random string uniquely identifying this request. If the
confirmation isn't received within 48 hours, LISTSERV ignores the command.

Similar confirmations can be requested for other commands, like unsubscribe.

Works like a charm without any public key crypto or digital signatures.

---

Dr. Dimitri Vulis <[email protected]>
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
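
The confirmation scheme described in the message above, as an added Python sketch that is not part of the original post and is not LISTSERV's code. The class name, the command names, the 16-hex-character token and the sample address are assumptions made for illustration; only the 'OK nnnn' reply and the 48-hour window come from the message.

```python
import secrets
import time

CONFIRM_WINDOW = 48 * 3600  # 48 hours, as stated in the message


class ConfirmationQueue:
    """Holds list commands until the apparent sender replies 'OK <token>'."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable so expiry can be tested
        self._pending = {}    # token -> (address, command, deadline)
        self.subscribers = set()

    def request(self, apparent_sender, command):
        """Queue a command; the returned token is mailed to apparent_sender."""
        token = secrets.token_hex(8)  # unpredictable and unique per request
        addr = apparent_sender.strip().lower()
        self._pending[token] = (addr, command, self._clock() + CONFIRM_WINDOW)
        return token

    def confirm(self, body):
        """Handle a reply body; return True only if a queued command ran."""
        parts = body.split()
        if len(parts) != 2 or parts[0].upper() != "OK":
            return False
        # pop() makes the token single use, so a replayed reply does nothing
        entry = self._pending.pop(parts[1].lower(), None)
        if entry is None:
            return False
        addr, command, deadline = entry
        if self._clock() > deadline:
            return False  # confirmation arrived too late: command is ignored
        # Act on the address stored at request time, never on the reply's
        # headers: only the mailbox that received the token can know it.
        if command == "SUBSCRIBE":
            self.subscribers.add(addr)
        elif command == "UNSUBSCRIBE":
            self.subscribers.discard(addr)
        else:
            return False
        return True


if __name__ == "__main__":
    q = ConfirmationQueue()
    tok = q.request("victim@example.org", "SUBSCRIBE")  # constructed address
    print(q.confirm("OK 0000000000000000"), q.subscribers)  # guessed token
    print(q.confirm("OK " + tok), q.subscribers)            # real reply
```
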