[Explanation] Re: "STOP SENDING ME THIS SHIT"
Dr. Dimitri Vulis
dlv at bwalk.dm.com
Thu Apr 18 09:04:38 PDT 1996
Patrick May <pjm at spe.com> writes:
> I run a small mailing list that has been subject to problems
> similar to the recent spate of "unscrives". Apparently there is a
> list of mailing lists circulating the warez boards along with scripts
> for spoofing subscription requests. ...
>
> Crypto relevance: This attack will be eliminated when more mail
> agents support public key crypto and the mailing list software can be
> modified to check signatures on subscription requests.
Eric Thomas's LISTSERV has had a feature for 4 or 5 years that prevents
spoofed subscription requests. The list owner can configure the mailing
list so that whenever a subscription request is received, LISTSERV
e-mails the apparent sender and asks to e-mail it 'OK nnnn', where 'nnnn'
is a pseudo-random string uniquely identifying this request. If the
confirmation isn't received within 48 hours, LISTSERV ignores the command.
Similar confirmations can be requested for other commands, like unsubcribe.
Works like a charm without any public key crypto or digital signatures.
---
Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
More information about the cypherpunks-legacy
mailing list