On Thu, 2003-07-10 at 15:54, Chuq Von Rospach wrote:
My worry, of course, is that the e-mail community has had a tendency to see mail-back validation as the solution to many problems (and it is, just not as globally as some might hope) --- but I don't think the community has ever stopped to make sure those techniques were really secure in a formal way, or defined what it takes to be secure. The existence has been enough...
This is an excellent point, and I think deeper than the hash algorithm we use. I think we can make the hash generation unbreakable for all intents and purposes. Much more worrisome to me is the actual protocols we're using for confirmation.
Case in point: MM2.1 supports the ability to encode the confirmation string in the envelope sender so all it takes is a reply to confirm. This is only implemented for a small handful of confirmation scenarios currently. It's frightening to enable that for e.g. subscription confirmations because of the widespread presence of broken vacation programs. E.g. if you know Chuq's vacation program will reply to Precedence:bulk messages, you just have to wait until he's out of the office for a few days to mailbomb subscribe him to hundreds of lists. Not good!
Of course mail-backs tie into opt-in policies and anti-spam policies, as well as usability issues. Make it hard for people to get on or off the list and you'll get slammed (e.g. jwz's out-of-date rant :).
(But then, there are all sorts of attack vectors in mail lists that haven't been properly addressed. If I want to mailbomb your inbox into a cinder, does it matter whether I subscribe you to 50 busy mail lists, or simply shove 1,500 "if you want to confirm your subscription..." replies in via a forged address? Most servers will happily keep resending confirmations without rate limiting, so you don't even need to find 1500 lists... Ditto help and info messages, postmaster auto-bots, etc, etc...)
Yep, yep, yep. I want Mailman to be a good citizen as much as possible, while still being usable. It's a darn fine line sometimes. ;)
-Barry
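
The two weaknesses discussed in this message, auto-responders confirming by reply and unlimited confirmation resends, can be guarded against as in the following added example, which is not part of the original message and is not Mailman code. The `list-confirm+TOKEN@example.org` address format, the function and class names, and the limit values are assumptions made for illustration.

```python
import hmac
from collections import defaultdict, deque
from email import message_from_string
from email.utils import parseaddr

def is_auto_reply(msg):
    """True when headers mark the message as machine-generated."""
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":                      # RFC 3834: auto-replied, auto-generated
        return True
    if (msg.get("Precedence") or "").strip().lower() in {"bulk", "junk", "list"}:
        return True
    # Non-standard headers that some responders add.
    return any(h in msg for h in ("X-Autoreply", "X-Autorespond"))

def reply_confirms(raw, expected_token):
    """Accept a reply as a confirmation only if it is not automated and the
    token in the recipient address matches (assumed address format:
    list-confirm+TOKEN@example.org)."""
    msg = message_from_string(raw)
    if is_auto_reply(msg):
        return False
    local = parseaddr(msg.get("To", ""))[1].partition("@")[0]
    token = local.partition("+")[2]
    return bool(token) and hmac.compare_digest(token.encode(), expected_token.encode())

class ConfirmationLimiter:
    """Sliding-window cap on confirmation mails sent to one address."""
    def __init__(self, limit=3, window=86400):
        self.limit, self.window = limit, window
        self.sent = defaultdict(deque)

    def allow(self, address, now):
        q = self.sent[address.strip().lower()]
        while q and now - q[0] >= self.window:
            q.popleft()                   # forget sends outside the window
        if len(q) >= self.limit:
            return False                  # drop silently instead of resending
        q.append(now)
        return True

# Constructed sample replies (not real traffic).
TOKEN = "3f9c1a7e"
HUMAN = ("From: user@example.com\nTo: list-confirm+3f9c1a7e@example.org\n"
         "Subject: Re: confirm\n\nyes\n")
VACATION = ("From: user@example.com\nTo: list-confirm+3f9c1a7e@example.org\n"
            "Auto-Submitted: auto-replied\nSubject: Out of office\n\nBack Monday.\n")
```

A responder that sets none of these headers still passes the check, so header filtering reduces the reply-to-confirm risk rather than removing it.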