How ListManager Determines the Identity of the Person

When mail comes into a mailing list for distribution, ListManager looks at the From: header, extracts the email address and looks the email address up in the list of members for that list. If the email addresses match, the message is assumed to be from that member.

If the email address does not match, ListManager looks to see if the From: field contains a full name of a person. If it does, it looks that full name up to see if they are a member of the mailing list. If the full name matches, then the posting is assumed to be by that member. ListManager uses this technique to work around a common problem with list managers: if only members are allowed to post and the list manager knows people only by their email address, then people with multiple email addresses will be continually refused the right to post, because their alternate email addresses are not listed as members. Since ListManager matches on the email address, and if that fails, on the full name, in a wide variety of situations it correctly identifies the member and their posting is not refused as being "not from a member of this list".

We do not see this feature as a security violation, because the From: field is already insecure. If someone wants to forge their identity, they can easily, with a program such as Netscape, assume that person's email address for their From: field. Given this fact, allowing people's posts through because the name matches does not make ListManager any less secure. When well meaning people try to post and have a slightly different email address, they are not aggravated by a list manager which refuses to recognize them.