[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: A personal response to your email to sixdegrees





Declan McCullagh [mailto:[email protected]] wrote:
> Better yet, give anyone on the mailing list a veto over their new
> membership. Send a cookie to the address that was signed up, and an
> anti-cookie. If anyone returns the anti-cookie, in effect 
> saying "we don't want to be part of your blasted service," put them 
> on a list of do-not-contact people for half a year or so.

An anti-cookie, I like it.

LISTSERV provides a cookie and makes you type "ok" in the body. Making
that "ok" or "cancel" and keeping the cookie active for a day or so
seems like it would be a really simple modification. One "cancel" of
course is over-riding and final.

Similarly for majordomo and other custom acknowledgement schemes.

	Matt


-----Original Message-----
From: Matthew James Gering [mailto:[email protected]] 

> ---Mark Salamon <[email protected]> wrote:
> >
> > Thanks for the reply.  I have now received about 10 such 
> > replies.  We will take them to heart, remove the cypherpunks 
> > and attempt to deal with the mailing list issue in an 
> > intelligent way.

Most lists and services have dealt with the problem of someone
accidentally subscribing or maliciously subscribing someone else in one
of two ways:

A) send and acknowledgement message with a randomly generated
authorization code that requires the user to respond.
B) send out a password and require the user to login before account is
activated.

This works only if you assume the malicious individual will not receive
mail sent to that address. This therefore falls down when the address is
a mailing list or other distribution point that the malicious individual
has access to directly or via archives.