Lyris User's Guide
Security Considerations of the From: field

The From: field in email messages is insecure. Many mail programs, such as Netscape Mail and Pegasus Mail, allow you to tailor the From: field to say absolutely anything you want. Thus, it is easy for anyone to send mail to someone else and have a forged From: line.

Therefore, messages that arrive at Lyris List Manager may be forged, and the From: field may not identify the person who actually wrote the message. There is no good solution to this email authentication problem at the current time. There are secure email standards, but these are not in widespread use, so they cannot be used by Lyris List Manager.

With discussion groups, the insecurity of the From: field is not usually a problem. People tend not to be malicious.

With announcement lists, we suggest that you implement additional security measures to prevent unwanted postings.

The two most commonly recommended approaches are:

1) Moderate your mailing list, so that you receive a confirmation request before the posting is allowed through to the list.

2) Require that the user password be included in the body of the message.
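
The sketch below is an added example, not Lyris List Manager code. It shows a posting gate for an announcement list that treats the From: address only as a lookup key and decides on the password found in the message body. The `Password:` line syntax, the member table, the sample messages, and the choice to hold password-less postings for moderation are all assumptions of this example.

```python
import hmac
from email import message_from_string
from email.utils import parseaddr

# Constructed member table for this example: address -> posting password.
MEMBERS = {"admin@example.com": "s3cret-post"}
# Hypothetical marker line; the syntax Lyris List Manager expects is not shown on this page.
MARKER = "password:"

def gate_posting(raw, members=MEMBERS):
    """Return (decision, body) where decision is 'post', 'moderate' or 'reject'.

    The From: address only selects which password to compare against;
    it never authorizes a posting by itself.
    """
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender not in members:
        return "reject", None
    if msg.is_multipart():
        return "moderate", None  # let a human inspect structured messages
    kept, supplied = [], None
    for line in msg.get_payload().splitlines():
        if supplied is None and line.strip().lower().startswith(MARKER):
            supplied = line.split(":", 1)[1].strip()  # never forwarded to the list
        else:
            kept.append(line)
    body = "\n".join(kept).strip()
    if supplied is None:
        return "moderate", body  # approach 1: hold for the list administrator
    # Approach 2: constant-time comparison against the member's password.
    if hmac.compare_digest(supplied.encode(), members[sender].encode()):
        return "post", body
    return "reject", None

# Constructed sample messages. FORGED carries a member's From: but no password.
FORGED = "From: admin@example.com\nSubject: Sale\n\nBuy now\n"
GENUINE = ("From: Admin <admin@example.com>\nSubject: Update\n\n"
           "Password: s3cret-post\nOffice closed Friday.\n")
WRONG = "From: admin@example.com\nSubject: x\n\nPassword: guess\nHello\n"

if __name__ == "__main__":
    for name, raw in (("forged", FORGED), ("genuine", GENUINE), ("wrong", WRONG)):
        print(name, gate_posting(raw))
```

The password line is removed from the body before distribution, so it does not leak to the list.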
