
Re: mailing a copy of a message from an archive



On September 30, 2002 at 23:00, mhonarc@interlinx.bc.ca wrote:

> > The <http://www.mhonarc.org/archive/html/> archives (and any that
> > use mharc) have an Original link that downloads the original raw message.
> 
> Hmmmm.  An interesting approach could be to configure one's browser to
> fire up the MUA (or open a window on an already running MUA) and open
> the downloaded content when downloading something of content type
> "message/rfc822".  Of course, the webserver sending the message would
> have to send it with the appropriate mime-type.

I've actually played with sending message/rfc822, and many modern
browsers can actually render the message (minus attachments).  However,
this opens things up for XSS attacks.  Hence, I always send text/plain
as the type.

> > I like your idea, but unfortunately, I do not see a way to prevent
> > it from being abused.
> 
> Two different ways, or a combination of them if one wished.  One would
> be to rate limit the number of messages a given IP in a given time
> window can have bounced.  Not fool-proof by any means.

Requires extra work.  I thought of this, but I believe the costs in
implementation outweigh any benefits.

> The second is to limit bouncing messages to list-subscribed addresses
> only.  This one is fool-proof (well as fool-proof as DoS-preventing
> any mailing list in the first place) but requires more hoops to simply
> get a message to respond to.

It still allows someone to mail bomb subscribers.

--ewh

---------------------------------------------------------------------
To sign-off this list, send email to majordomo@mhonarc.org with the
message text UNSUBSCRIBE MHONARC-USERS
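
The choice described in the reply above (serving the raw message as text/plain rather than message/rfc822 so a browser does not render it), as an added example that is not part of the original post or of mharc. The in-memory archive, the message id, the `/raw/<id>` path, and the extra `nosniff` and CSP headers are assumptions of this example.

```python
"""Added example, not mharc code: serve a raw archived message as inert text."""

# Constructed sample archive: one raw message whose body contains HTML markup.
ARCHIVE = {
    "msg00042": (
        b"From: sender@example.org\r\n"
        b"Subject: sample\r\n"
        b"Content-Type: text/html\r\n\r\n"
        b"<html><body><script>document.title='x'</script></body></html>\r\n"
    ),
}

def raw_message_headers(body: bytes) -> list:
    """Response headers that keep a browser from rendering the message."""
    return [
        # text/plain instead of message/rfc822: markup in the mail is shown, not run.
        ("Content-Type", "text/plain; charset=utf-8"),
        # Stop content sniffing from treating the body as HTML.
        ("X-Content-Type-Options", "nosniff"),
        # Defence in depth if a client renders the response anyway.
        ("Content-Security-Policy", "default-src 'none'; sandbox"),
        ("Content-Length", str(len(body))),
    ]

def app(environ, start_response):
    """WSGI app: /raw/<id> returns the stored bytes unmodified."""
    msg_id = environ.get("PATH_INFO", "").rpartition("/")[2]
    body = ARCHIVE.get(msg_id)  # dict lookup only, so the id never reaches a file path
    if body is None:
        body = b"not found\n"
        start_response("404 Not Found", raw_message_headers(body))
        return [body]
    start_response("200 OK", raw_message_headers(body))
    return [body]

def fetch(path: str):
    """Call the app in-process and return (status, headers dict, body)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    chunks = app({"PATH_INFO": path, "REQUEST_METHOD": "GET"}, start_response)
    return seen["status"], seen["headers"], b"".join(chunks)

if __name__ == "__main__":
    status, headers, body = fetch("/raw/msg00042")
    print(status, headers["Content-Type"], len(body))
```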

