Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 12 May 1997 07:29:57 -0700
From:      mike allison <mallison@konnections.com>
To:        "Jonathan M. Bresler" <jmb@FreeBSD.ORG>
Cc:        Narvi <narvi@haldjas.folklore.ee>, joerg_wunsch@uriah.heep.sax.de, chat@FreeBSD.ORG, postmaster@FreeBSD.ORG
Subject:   Re: SPAMED again: Add LIVE Girls to your website!
Message-ID:  <33772965.1318AF93@konnections.com>
References:  <199705111121.EAA24236@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
This takes us back to the age-old dilemma of living in a free society. 
Someone will use the freedom in a way that hurts others.  We end up
fixing it by denying freedoms to the very people who need and use them.

I don't know the utility of granting blanket permission to anyone to
easily get access tp list members.  But, I think the solution provided
is adequate.  Think about the Spammers.  Their looking for high volume
``soft'' targets.  They know how to ask majordomo for the users and do
that, perhaps by broadcasting the command to many lists at once, then
they use what comes back.  If they get a goofy error, it's probably not
worth their while to go back and subscribe to get the list and then
unsubscribe.  This is probably an adequate solution.

The other thought is -- one can usually tell what's junk, spam and
garbage and filter it out.  If I don't recognise the user or make sense
out of the subj, I either kill it or save it for later.  

I don't like this shtuff more than anyone else, and I don't request user
lists.  But some do.  We need to ensure that the people who have a valid
use can access it.

No matter what you do, someone who wants to spend the time, effort and
money will crack it.  That's a basic rule of security and it's true.

-Mike
    
Jonathan M. Bresler wrote:
> 
> Narvi wrote:
> >
> >
> > After what they will subscribe themselves to one of the lists and try
> > again, that is, the message provides the needed clue to get the list. It
> > would be better if Majordomo was patched to send back only something like:
> >
> > >>>> who translators
> > **** Permission denied:
> > **** You do not have the permission to get the list of persons
> > **** subscribed to translators.
> 
>         done.
> 
>         uses on hub can still see who is in the lists
> by reading the list files directly
> 
> >>>> who freebsd-alpha
> **** Permission denied:
> **** You do not have the permission to get
> **** the list of addresses subscribed to 'freebsd-alpha'.
> 
> jmb

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?33772965.1318AF93>