CLICK4HP Archives

Health Promotion on the Internet

CLICK4HP@YORKU.CA

Subject:
From: Sam Lanfranco <[log in to unmask]>
Reply To: Health Promotion on the Internet <[log in to unmask]>
Date: Tue, 2 Jun 1998 18:47:23 -0400
Content-Type: text/plain
Parts/Attachments: text/plain (66 lines)

Dear CLICK4HP Subscribers:

Several of you have been confused by a new dimension to the
SUBSCRIBE, UNSUBSCRIBE and other commands used to manage your CLICK4HP
account. This short note is to explain how to deal with the "request for
an 'ok'" message you get when you send a command.

First a little background. In the days before the internet most email
users had to logon to their email account. All mail sent from that
account had its "FROM" (return) address 'stamped' by the account itself.
One could not impersonate another email user without being inside the
other user's account.

With the growth of POP mailers (email in browsers, Eudora, etc) the user
has to select a "FROM" address as part of their email setup. This means
that I could set up my mail to come from (for example) Florence
Nightingale  <[log in to unmask]> and that is how it would
appear in the FROM line. This allows anyone to masquerade as anyone else
when sending email.

This is seldom a successful masquerade for any serious purposes since the
full (and mainly invisible) email header sent with the message has
information about the routing and the original machine - but not the
original author. Malicious activities can usually be traced to the
author after a little detective work.

However, list management software has to use the email address on the
FROM: line since it has nothing else to go on. This has resulted in a
number of forms of abuse, including someone else subscribing a person to
numbers of lists, or someone else desubscribing someone from a list.

In order to prevent this, computing services at York University, where
the CLICK4HP list is maintained, have added a verification step to the
subscribe/unsubscribe process.

When you send a command to [log in to unmask] - be it to SUBSCRIBE, to
UNSUBSCRIBE, to set MAIL or NOMAIL, or DIGEST - the server holds the
command and sends a request for confirmation to the email address of the
intended subscriber, as found on the FROM: line in the request.

Since that message can only go to the specified email address, it is
impossible for another to intercept it and confirm the request. That
request for confirmation will have a 6 character alphanumeric "key" in
the SUBJECT LINE:

You are requested to hit REPLY (so that the alphanumeric key is retained
in the SUBJECT LINE), type the word "ok" in the body of the message, and
send it back to the listserv. You should then get the full confirmation
message.

If you get an error term you should either contact one of the
listmanagers (or [log in to unmask]) or try sending a second
message with "ok alphanumeric key" (eg ok 34533A) in the body of the
message.

Please understand that this extra step has been required because some of
our colleagues, with a penchant for malicious behaviour, have a tendency
to mess up individual email subscriptions. Even I, as the list owner,
have to double confirm commands when I am not telnetted directly into my
email account.

Of course, we wouldn't have to do this if all were honest, but that is
another issue....

Sam Lanfranco <[log in to unmask]>
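
The hold-and-confirm step described in the message above, sketched as an added example (it is not part of the original post and not the list server's own code). The subject format, key alphabet, 48-hour lifetime and all names are assumptions.

```python
import re
import secrets
import string
import time

KEY_ALPHABET = string.ascii_uppercase + string.digits  # assumed alphabet
KEY_LENGTH = 6            # the note describes a 6-character key
TTL_SECONDS = 48 * 3600   # assumed lifetime; the note does not give one
KEY_IN_SUBJECT = re.compile(r"\(([A-Z0-9]{6})\)")  # constructed subject format


def new_key():
    """Draw a key from the OS random source so it cannot be predicted."""
    return "".join(secrets.choice(KEY_ALPHABET) for _ in range(KEY_LENGTH))


class ConfirmationQueue:
    """Holds list commands until the address on the FROM: line confirms them."""

    def __init__(self, clock=time.time):
        self._pending = {}  # key -> (address, command, expiry time)
        self._clock = clock

    def hold(self, from_address, command):
        """Hold a command; return (key, subject) of the confirmation request."""
        key = new_key()
        while key in self._pending:  # never reuse a key that is still pending
            key = new_key()
        self._pending[key] = (from_address, command, self._clock() + TTL_SECONDS)
        # The request is mailed to the claimed address only, so whoever sent
        # the command learns the key only if they can read that mailbox.
        return key, f"CLICK4HP confirmation request ({key})"

    def confirm(self, subject, body):
        """Return (address, command) released by a reply, or None."""
        words = body.split()
        if not words or words[0].lower() != "ok":
            return None
        # Fallback form "ok KEY" in the body first, then the retained subject.
        candidates = [words[1].upper()] if len(words) > 1 else []
        match = KEY_IN_SUBJECT.search(subject)
        if match:
            candidates.append(match.group(1))
        for key in candidates:
            entry = self._pending.pop(key, None)  # single use: gone once tried
            if entry and self._clock() <= entry[2]:
                return entry[0], entry[1]
        return None
```

The command is applied to the address recorded when it was held, so the FROM: line of the reply itself is never trusted.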
