Security Recommendations for Announcement Lists

If you use the Create List feature of ListManager 7.0, your list is already configured to be secure. If you have upgraded from an earlier version, or if you have modified your settings, you should pay special attention to your settings.

With announcement lists, it is known that disreputable persons forge the From: headers of their email messages, in order to try to appear as the administrator, so that their advertisements are distributed on other people's mailing lists. For this reason, on announcement lists, we recommend that you take the following steps:

* First, make your list posting by administrators only

* Then, either set the list to moderate all messages (including your own) or use an action phrase to set up a posting password/secret code to reject all messages that do not have the required code. Alternatively, you can use the password-based posting feature.

A more radical step is to disallow email submissions entirely and only use the web interface to create messages. Yet even more secure would be to put the web interface behind a firewall, so that outsiders cannot get to it, or to put it in an undocumented server location, so that other people do not know it is there.

A complete listing of every security feature for posting is available in the section titled "Security Features for Posting Messages".