From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Fri, 19 Apr 1996 00:04:38 +0800
To: cypherpunks@toad.com
Subject: Re: [Explanation] Re: "STOP SENDING ME THIS SHIT"
In-Reply-To: <199604180537.WAA01617@gulch.spe.com>
Message-ID: <w1ukmD168w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Patrick May <pjm@spe.com> writes:
>      I run a small mailing list that has been subject to problems
> similar to the recent spate of "unscrives".  Apparently there is a
> list of mailing lists circulating the warez boards along with scripts
> for spoofing subscription requests.  ...
>
>      Crypto relevance:  This attack will be eliminated when more mail
> agents support public key crypto and the mailing list software can be
> modified to check signatures on subscription requests.

Eric Thomas's LISTSERV has had a feature for 4 or 5 years that prevents
spoofed subscription requests. The list owner can configure the mailing
list so that whenever a subscription request is received, LISTSERV
e-mails the apparent sender and asks to e-mail it 'OK nnnn', where 'nnnn'
is a pseudo-random string uniquely identifying this request. If the
confirmation isn't received within 48 hours, LISTSERV ignores the command.

Similar confirmations can be requested for other commands, like unsubcribe.

Works like a charm without any public key crypto or digital signatures.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps