[Mailman-Developers] MTA load, custom messages, bounces

Peter C. Norton spacey-mailman@lenin.nu
Fri, 7 Dec 2001 21:20:24 -0800


On Fri, Dec 07, 2001 at 11:23:02PM -0500, Peter W wrote:
> Right. That's what I'm suggesting, that maybe such a cookie plan should be
> implemented. I like my idea of the cookie being a hash of both the
> recipient address and something like a time value, so that "replay"
> attacks are less feasible. You shouldn't be able to pick up a disk drive
> that Barry W discarded a year earlier and get a cookie that still lets you
> unsubscribe him from this list. :-)

Throw in a saved secret per list or per test message, too.  The recipient
address is known, and time values can probably be guessed if you have a
known config and the attacker is generating the "bounces".  The attacker
could probably brute force the right address within 300 messages (5 minute
timespan).

> >  If you get a bounce to the address that has the
> > proper hash, then you can pretty safely disable them (unless their
> > postmaster is out to get them.  But you can't save them from that).
> 
> Or if someone gets to their saved messages, right.
> 
> >  If you
> > don't get the message bounced back then that email address isn't really (or
> > at least always) bouncing.
> 
> Exactly. Sounds like we're in basic agreement about the potential value of 
> a cookie-laden envelope?

It makes my life easier when I use ezmlm.  I think it would be a good
addition to mailman.

-- 
The 5 year plan:
In five years we'll make up another plan.
Or just re-use this one.
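
The cookie scheme discussed in this thread (recipient address, time value and a saved per-list secret), as an added example that is not part of the original message and is not Mailman or ezmlm code. The address layout, function names, validity window and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import time

COOKIE_TTL = 7 * 24 * 3600  # assumed validity window, in seconds


def cookie_tag(secret, list_name, recipient, ts):
    # Keyed hash over list, recipient and send time. Without the secret,
    # knowing the address and guessing the time is not enough to forge it.
    msg = f"{list_name}\0{recipient.lower()}\0{ts}".encode()
    # Truncated so the envelope local part stays short.
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:24]


def make_probe_address(list_name, domain, recipient, secret, now=None):
    """Envelope sender for one probe: <list>-probe-<time>-<cookie>@<domain>."""
    ts = int(time.time() if now is None else now)
    tag = cookie_tag(secret, list_name, recipient, ts)
    return f"{list_name}-probe-{ts}-{tag}@{domain}"


def verify_probe_bounce(address, list_name, recipient, secret, now=None):
    """True only for an unexpired cookie issued for this recipient."""
    prefix = f"{list_name}-probe-"
    local = address.split("@", 1)[0]
    if not local.startswith(prefix):
        return False
    try:
        ts_text, tag = local[len(prefix):].split("-", 1)
        ts = int(ts_text)
    except ValueError:
        return False
    now = int(time.time() if now is None else now)
    if not 0 <= now - ts <= COOKIE_TTL:
        return False  # stale cookie, e.g. recovered from old saved mail
    expected = cookie_tag(secret, list_name, recipient, ts)
    # Constant-time comparison of the presented and expected cookies.
    return hmac.compare_digest(tag.encode(), expected.encode())


if __name__ == "__main__":
    secret = b"constructed-per-list-secret"  # constructed sample value
    sent = 1007788824                        # constructed send time
    addr = make_probe_address("test-list", "example.org",
                              "user@example.com", secret, sent)
    print(addr)
    print(verify_probe_bounce(addr, "test-list", "user@example.com",
                              secret, sent + 300))
```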