[Mailman-Users] Challenge/Response

Karl Zander kwz-mm at commpartners.com
Sat Feb 10 21:07:16 CET 2007

On Fri, 09 Feb 2007 15:54:59 -0800
  Bob Morse <bob at morsemedia.net> wrote:
> Thank you all for your insights in the 
>Challenge/Response question. I am
> convinced this is not the way to go. In fact, I used 
>some of the same
> arguments to the client when he brought it up.
> The problem remains, however: How do I prevent spoofing? 
>In this case they
> have a real fear due to a board member who is soon to be 
>ejected from the
> board and have organizational membership taken away. 
>They feel he is capable
> (both emotionally and technically) of major disturbances 
>on one or more of
> about a dozen mailing lists the organization maintains.
> What makes this even more of a Œchallenge¹ is that the 
>account is on a
> shared server.

We are dealing with a similar situation now.  Some member, 
or non-member, is spoofing the From: address of members to 
post to the lists.  We have full emergency moderation 
turned on so all messages are reviewed before posting. 
 And at the MTA we have instituted various other checks 
that help prevent messages from getting to Mailman.  There 
is no (easy) technology now that can prevent this.  If the 
person is inclined to make trouble, they will.  If not 
through the lists, then by some other means. 
 Fundamentally, its not a technology problem.


More information about the Mailman-Users mailing list