[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: mailing a copy of a message from an archive

To answer the couple of messages that echoed the same sentiment...

On Mon, Sep 30, 2002 at 11:50:14AM -0500, Earl Hood wrote:
> 
> This kind of feature could be abused since it would require that
> you specify which email address to send a copy of the message to,

Right.  I should have mentioned that I did realize this.  There are a
couple of ways to prevent abuse...

> and a malicious user could choose arbitrary addresses to submit.

This could happen, yes, without mechanisms to prevent it.

> The <http://www.mhonarc.org/archive/html/> archives (and any that
> use mharc) have an Original link that downloads the original raw message.

Hmmmm.  An interesting approach could be to configure one's browser to
fire up the MUA (or open a window on an already running MUA) and open
the downloaded content when downloading something of content type
"message/rfc822".  Of course, the webserver sending the message would
have to send it with the appropriate mime-type.

> For the MUA I use, nmh, it is trivial to import the data into my inbox
> so I can manipulate it like any other message.  However, for other MUAs,
> importing the dowloaded raw message may be more difficult.

Shouldn't be too difficult with mutt or even perhaps Evolution.  I do
like this idea a bit more than "bounce the message to: ".  But to
finish my thought on my original idea...

> I like your idea, but unfortunately, I do not see a way to prevent
> if from being abused.

Two different ways, or a combination of them if one wished.  One would
be to rate limit the number of messages a given IP in a given time
window can have bounced.  Not fool-proof by any means.

The second is to limit bouncing messages to list-subscribed addresses
only.  This one is fool-proof (well as fool-proof as DoS-preventing
any mailing list in the first place) but requires more hoops to simply
get a message to respond to.

> Note, some do use mailto: links, but it is limited if you desire
> to have access to the entire message body.

Right.

b.

-- 
Brian J. Murrell

Attachment: pgp00002.pgp
Description: PGP signature

[Index of Archives]     [Bugtraq]     [Yosemite News]     [Mhonarc Home]