[24212] in bugtraq
Re: Intel.com Mailing List Arbitrary Address Removal Link
daemon@ATHENA.MIT.EDU (Todd Underwood)
Sat Feb 9 01:01:44 2002
Date: Thu, 7 Feb 2002 14:00:36 -0700 (MST)
From: Todd Underwood <todd@osogrande.com>
To: Joel Maslak <jmaslak@antelope.net>
Cc: E M <rdnktrk@hotmail.com>,
"bugtraq@securityfocus.com" <bugtraq@securityfocus.com>
In-Reply-To: <Pine.LNX.4.44.0202061842220.3434-100000@bigsky.antelope.net>
Message-ID: <Pine.LNX.4.33.0202071356440.11602-100000@localhost.localdomain>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
joel, all,
On Wed, 6 Feb 2002, Joel Maslak wrote:
> The fix for this requires sophisticated bounce tracking software. The
> only real way to fix this problem is to send each recipient a message with
> a custom-encoded FROM envelope address, such as:
> bounce-<user-id>-<security-key>@example.com
> Where the user-id is some sort of database identifyer and the security key
> is simply a random number kept in the database to prevent malicious
> activity (it could also be some sort of cryptographic code). When the
> example.com mail server receives a message to bounce-xxx-yyy@example.com,
> it checks the security key, verifies that the bounce is a permanent
> bounce, and deletes the user.
it's worth noting that this is a succinct description of VERP (variable
envelope return path), something used by ezmlm and qmail to accomplish
exactly this--make it difficult to forge a bounce and easy to determine
true per-recipient bounces. VERP makes handling large mailing lists
trivial and significantly reduces this security problem.
see http://www.lifewithqmail.org/lwq.html#verp for a good description.
--
todd underwood, vp & cto
oso grande technologies, inc.
todd@osogrande.com
"Those who give up essential liberties for temporary safety deserve
neither liberty nor safety." - Benjamin Franklin
