Utilities: List Settings: Email Submitted Content: Security
Reject Email Submissions
This setting determines whether all submissions sent via email should be automatically rejected. By default, your list is set to allow submissions by email. If you change Reject Email Submissions to "Yes", then any email that is sent to the list will automatically be rejected. Only postings made through the ListManager web interface or via a script will be allowed.
Email can fairly easily be "spoofed"; that is, someone can make the email appear to be from someone it isn't from. Thus, email is not a very secure mechanism for authenticating users. Someone malicious can configure their email program to be someone else and send messages as if they were that person.
In most mailing list situations, users behave ethically, and do not impersonate others, so the risk of abuse is minimal.
However, you may have a need to have as much security as possible so that there is very little risk of improper email getting posted to your list. In such a case, you might want to disallow all postings over email. Only postings through the web interface or postings made with a script will be allowed. Note: These postings will be subject to normal security settings, such as moderation, match phrases, etc.
Only Admins Can Send
When set to Yes, only List Administrators are allowed to contribute messages to the mailing list. Any member who attempts to contribute a message will have their contribution automatically rejected. The Admin Send feature is useful for announcement or email marketing type mailing lists, where a select group is allowed to post to the list, but where all other members should not be allowed to post to the list.
By default, this setting is set to Yes (only admins can send) for Email Marketing and Announcement lists created through Utilities: Administration: Lists: New List.
Require Password in Body
This option determines whether lists postings contributed by email require senders to include their personal passwords in the following format:
PASSWORD:your_password
"PASSWORD" must be capitalized, and there may be no spaces.
For example, if you are posting to a list that requires the password in the body, and your password is "sw33t", you would include the following in your messages:
PASSWORD:sw33t
Your password will be automatically removed before your message is distributed so others won't see it.
Passwords will only be required for members who have passwords. If certain members do not have passwords, this option will not have any affect on their ability to post messages to the list.
If you want all members to have passwords, and for their passwords to be required in all list postings, you should also set "Require Password" to be true. "Require Password in Body" (as distinct from "Password Required") requires that all members have passwords. See Utilities: List Settings: Users' Web Interface: New Subscriber Requirements for more information.
Including a password in an email message is inherently insecure. If you are concerned about password security, do not require a password in the body of the message.
More
1. Utilities: List Settings: Email Submitted Content
2. Utilities: List Settings: Email Submitted Content: Message Wrapping
3. Utilities: List Settings: Email Submitted Content: Approval
4. Utilities: List Settings: Sending to Your List: Email Header Features
5. Utilities: List Settings: Sending to Your List: Header Rewrites