[Tutor] Security

Grimmtooth grimmtoothtoo@yahoo.com
Mon, 31 Dec 2001 23:24:53 -0500


> We can send them a letter, and have it come back with a secret
> code. Something along these lines is a commonly
> used ploy.

I think this is the best method, myself.  First of all, the most used
implementation of this method requires NO action on the part of the
recipient if they do NOT want on the list -- it should time out after some
interval.

> We can just sign them up at this point; it's been done.

Yeah, in the good old days.

> We already have unsubscribe information in the footer, so they
> can go to the site and unsub if they want to,
> but this means other people can annoy them with unwanted subs,
> and we really want to prevent this, wouldn't
> you?

Absolutely. Make it opt-in.

> We could do something else, but bless me if I know what that
> something else is!

How about require them to telnet to a secret server whose address is encoded
into a limerick included in the subscribe letter, enter a special pass phrase
that is encoded in a BCD string?  Nah, scratch that.

> So I guess that we will do a simple email process here, and a
> random number generation, and send that to them
> in the subject, and let them reply to it. The subject would be in
> the form of:
>
> command listname randomnumber
>
> If they give us a good random number, the file maintainer puts
> their email address in that list. Bad address,
> bad listname, or bad random number and it barks.

A bit too easy to mess up.  I suggest this: go ahead with the random number,
if you want, but also add a checksum of the address and list name to that
number, in some form or another.  Keep a local database tying the number to
the email address and list name.  Require them to reply with the number in
either the subject OR as the first line of the message (this allows for
services like Yahoo that append stuff to any message).  Require ONLY the
number, you already have the address and list name.  You aren't gaining much
by allowing them to meet all three requirements in a complex system that
could have any number of routing weirdness and/or multiple email addresses
per person.  Sure, it MIGHT be possible to spoof this, but the number of
cases is so minuscule compared to the amount of work required by the end
user as to make it counterproductive.

Remember, you asked :-)



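A sketch of the confirmation scheme suggested in the reply above, added here as an illustration and not code from the original thread. It swaps the plain checksum for a keyed HMAC and assumes an in-memory dict as the local database, a three-day timeout and a `nonce-tag` token format; every name in it is hypothetical.

```python
import hashlib
import hmac
import re
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-server secret, not in the post
TTL_SECONDS = 3 * 24 * 3600           # assumption: pending requests time out after 3 days
TOKEN_RE = re.compile(r"\b([0-9a-f]{16})-([0-9a-f]{16})\b")
pending = {}  # nonce -> (address, listname, expiry); stands in for the local database


def _tag(nonce, address, listname):
    """Keyed checksum binding the random number to the address and list name."""
    msg = "\0".join((nonce, address.lower(), listname.lower())).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()[:16]


def issue_token(address, listname, now=None):
    """Record a pending subscription and return the token to mail out."""
    now = time.time() if now is None else now
    nonce = secrets.token_hex(8)  # CSPRNG, not random.random()
    pending[nonce] = (address, listname, now + TTL_SECONDS)
    return f"{nonce}-{_tag(nonce, address, listname)}"


def confirm(subject, body, now=None):
    """Return (address, listname) for a valid reply, else None.

    Only the token is required, in the subject OR on the first non-empty
    body line, so footers appended by a mail service do not matter.
    """
    now = time.time() if now is None else now
    first_line = next((ln for ln in body.splitlines() if ln.strip()), "")
    for text in (subject, first_line):
        m = TOKEN_RE.search(text.lower())
        entry = pending.get(m.group(1)) if m else None
        if entry is None:
            continue
        address, listname, expiry = entry
        if not hmac.compare_digest(m.group(2), _tag(m.group(1), address, listname)):
            continue  # right number, wrong checksum: leave the request pending
        del pending[m.group(1)]  # single use; also clears an expired request
        return (address, listname) if now <= expiry else None
    return None
```

The address and list name come from the stored record, never from the reply's headers, so a reply sent from a different account or routed through a forwarder still confirms the original request.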