
April 16, 1998
3:09 a.m.
proposal concerning web based subscriptions:
*allways* use confirmation, even if the list doesn't require them via email.
If you don't, it's a security hole for any mailing list that doesn't implement it, and for out of service-attacks against the system mailman on which mailman is running. Even if a list is not advertised, it is still vulnerable to this, as an "attacker" could well find out the name of list by other means.
it seems that as mailman becomes more widely used, more and more lists will have a problem with this.
comments?
Scott Cotton IC Group Inc