Security Considerations of the "From:" field

The From: field in email messages is insecure. Many mail programs, such as Netscape Mail and Pegasus Mail, allow you to tailor the From: field to say absolutely anything you want. Thus, it is easy for anyone to send mail to someone else and have a forged From: line.

Therefore, when messages come into ListManager, it is possible that they are forged and that the From: is not really who the message was written by. There is no good solution to this email authentication problem at the current time. There are secure email standards, but these are not in widespread use, so they cannot be used by ListManager.

With discussion groups, the insecurity of the From: field is not usually a problem. People tend not to be malicious.

With announcement lists, we suggest that you implement additional security measures to prevent unwanted postings.

The two most commonly recommended approaches are:

1. Moderate your mailing list, so that you receive a confirmation request before the posting is allowed through to the list.

2. Require that the user password be included in the body of the message.

See Utilities: List Settings: Email Submitted Content: Security for more information.