Security Measures for your List

Spoofing

Some unethical people may try to post to your list with forged From addresses. This is also called spoofing and causes recipients to believe they are receiving mail from a specific person, when in actuality they are not. Listserv can also be fooled by a spoofed From address. It is possible to spoof messages posted to a list and to spoof list subscriptions. Listserv does provide mechanisms to help prevent spoofed messages.

Preventing spoofed/forged messages

If you want to make your list less prone to spoofed/forged posts, you can use the "Confirm" parameter with the Send= keyword in your list header configuration(see examples below). The Confirm parameter will cause the list to generate a confirmation request that is sent to the address shown in the From line of the message being posted. The person at this address will then have to reply to this confirmation request giving the OK for the post to be accepted. This will cause an extra step for the posters, but this may be worth the inconvenience to make your list more secure.

Examples of "Send= keyword" settings using the Confirm parameter:

For private lists, use Send= Private,Confirm
For public lists, use Send= Public,Confirm
For Edited lists, use Send= Editor,Hold,Confirm

Reference the manual for more information on this: http://www.lsoft.com/manuals/1.8d/owner/owner.html#2.12.6

Preventing spoofed/forged subscription requests

The Confirm parameter is also used to help prevent spoofed subscription requests. You will need to use the Validate= keyword in your list header configuration(see examples below), which is used for Listserv commands, such as subscribing. Validate has to be set to All,Confirm to prevent spoofed un/subscribing

Example of "Validate= keyword" settings using the Confirm parameter:

Validate= All,Confirm

Reference the manual for more information on this: http://www.lsoft.com/manuals/1.8d/owner/appendb.html#keyValidate

Attachments or embedded binaries

You may want to disable or filter attachments by using the Attachments= keyword in your list header configuration (see examples below).

Although CITES Spam Control will delete any virus-infected messages before they can be distributed, viruses are not the only security threat associated with attachments. There can be copyright protection and /intellectual property-related legal issues associated with a mailing list's redistribution of some file attachments, including audio and video clips.

Examples of "Attachments= keyword" settings:

To reject messages with attachments, use Attachments= No
To filter the attachment out of the message, use Attachments= No,Filter

Reference the manual for more information on this:  http://www.lsoft.com/manuals/1.8d/owner/appendb.html#keyAttachments

As most binary files are large, limiting the size of posts can prevent some messages with embedded viruses or audio or video clips. So, you may also want to limit the size of messages posted to the list by using the Sizelim= keyword in your list header configuration(see examples below).

Example of "Sizelim= keyword" setting:

To allow most long posts but limit most uuencoded messages, use Sizelim= 250

Reference the manual for more information on this:  http://www.lsoft.com/manuals/1.8d/owner/appendb.html#keySizelim