
SENDER manipulation - ezmlm-idx FAQ



21.2 SENDER manipulation

We assume that the cost of manipulating or falsifying the SENDER address of a message is zero. Thus, any mechanism relying on SENDER alone is insecure. However, such a mechanism may help in case of simple mailer or user errors. We also assume that the “cookies” used by ezmlm are secure, i.e. that it is very hard for someone to generate a valid cookie for a given address.

SENDER is used to identify a moderator for remote administration of subscriptions. The result of the action or the confirmation request is sent back to that moderator address. Thus, providing a false SENDER is useless unless the attacker can also read that moderator's mail.
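The reasoning above as a runnable sketch. This is an added example, not ezmlm's code: HMAC-SHA256 stands in for ezmlm's cookie function, and the key, addresses, function names and cookie lifetime are all assumptions made for the illustration.

```python
import hashlib
import hmac

# All values below are constructed for the demonstration.
LIST_KEY = b"constructed-demo-key"           # per-list secret, never mailed out
MODERATORS = {"mod@example.org"}             # remote-admin addresses
MAX_AGE = 1_000_000                          # assumed cookie lifetime, seconds


def make_cookie(action, target, issued, key=LIST_KEY):
    """Cookie bound to the action, the address acted on and the issue time."""
    msg = "\x00".join([action, target, str(issued)]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:20]


def request_action(sender, action, target, now):
    """Remote-admin request. SENDER is untrusted: it only selects which
    moderator mailbox receives the confirmation request."""
    if sender not in MODERATORS:
        return None                          # catches mailer and user errors only
    return {"mail_to": sender, "action": action, "target": target,
            "issued": now, "cookie": make_cookie(action, target, now)}


def confirm_action(action, target, issued, cookie, now):
    """Act only when the reply carries the cookie that was mailed out."""
    if not 0 <= now - issued <= MAX_AGE:
        return False
    expected = make_cookie(action, target, issued)
    return hmac.compare_digest(expected, cookie)


def forged_sender_demo():
    """Forged SENDER: the confirmation goes to the real moderator, so the
    forger has to guess the cookie. Returns (forger_ok, moderator_ok)."""
    req = request_action("mod@example.org", "subscribe", "user@example.net", 1000)
    guess = "0" * 20                         # forger never saw req["cookie"]
    forger_ok = confirm_action("subscribe", "user@example.net", 1000, guess, 1060)
    moderator_ok = confirm_action(req["action"], req["target"], req["issued"],
                                  req["cookie"], 1060)
    return forger_ok, moderator_ok


if __name__ == "__main__":
    print(forged_sender_demo())
```

The SENDER check in `request_action` adds no security by itself; the guarantee comes entirely from the cookie being unguessable and delivered only to the moderator's mailbox.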