-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Aug 26, 2005, at 03:14, Jeroen Massar wrote:
Indeed when some 'malicious' person would add Cc's/To's and would instruct his SMTP to not forward to the additional addresses in the Cc/To the users will effectively not receive the message.
But how exactly does this cause a problem?
Isn't that enough? Tricking the list software into excluding certain people from part of a discussion, even if it's only the part sent by one certain submitter? It gives a false impression to the other list members that certain list members are part of the discussion when they have quietly been left out.
If that's not bad enough, what if the message in question were forged as being from someone who was also excluded from receiving it through this mechanism? "I'm a moron, and I take back all the objections I raised to your proposal; WG chair, I support this proposal and think it should be sent to the IESG." If the supposed sender never even sees a copy of "his" message, and if it's well crafted so as to not actually draw a direct reply, the WG may proceed on the assumption that it's legitimate. (Of course, if the person is offline for a vacation or something, the same might happen. And habitually signing one's messages may help call attention to the forgery, but we've got a ways to go to make that commonplace.)
Malicious intent aside, it's also useful to know sometimes if the mailing list software is somehow munging your messages in a way you didn't intend. Stripping out attachments, converting encodings, changing HTML to plain text, etc. (And I've seen mailman occasionally botch some such processing, leaving empty messages, but I don't recall the specifics at the moment, or if it's been fixed.)
Ken -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) iD8DBQFDDstIUqOaDMQ+e5gRArYYAJsENV6hSl9LLpoccHauYxwzMzBImQCfZQeG X0MLvP0XN+U+mQ39tW+VtD4= =vnF1 -----END PGP SIGNATURE----- _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf