[Mailman-Developers] Re: [Mailman-Users] "Invite" vs. autoresponders
Barry A. Warsaw
barry at python.org
Thu Jan 2 22:45:35 EST 2003
[I'm moving this discussion to mailman-developers. -BAW]
>>>>> "SB" == Stonewall Ballard <sb.list at sb.org> writes:
SB> I've recently discovered that vacation autoresponders will
SB> subscribe recipients to Mailman lists when they get "invited".
Dang. This is because the From address contains the confirmation
cookie encoded in the address. This might kill this idea for
SB> This is not good. It makes the feature dangerous if you've
SB> promised to not subscribe anyone without their assent.
Can you submit a bug report on this? We'll have to decide what to do
SB> Is there any way to avoid this problem, other than not using
SB> the feature? This is yet another reason to move to URLs with
SB> unique keys instead of using passwords. Such a URL could be
SB> embedded in the invitation message.
Take away the From header cookie and that's essentially what you've
got in the invitation message.
I'm up for any other ideas.
More information about the Mailman-Developers