Lyris User's Guide

Access to unsubscribe and change settings

A member can change their settings and unsubscribe using the Lyris web interface. Logging in requires the member's email address and, if the list uses passwords, the member's password.

On most mailing lists, to keep things simple, members do not have a password and need only their email address to access the Lyris web interface. This means that anyone who knows another person's email address can log into the Lyris web interface as that person and act on their behalf. In practice this problem occurs rarely, but you may nonetheless want to prevent it.

The simplest way to prevent this is to require passwords on your mailing list. As the list administrator, you can set your mailing list up to require that every member have a password. Once this is set, emailed-in subscription requests are assigned a random password, and the new member is notified of it; subscription requests made through the Lyris web interface require the person to choose a password. Once passwords are in use, it is much more difficult for a malicious person to affect other people's subscriptions. For added security, you can run the web interface on a secure web server (using SSL), or restrict access to it using your web server's own security measures (i.e., an additional name/password combination, or a TCP/IP address restriction). Lyris also supports TCP/IP address restrictions for both the user and admin portions of the web interface, so you can optionally lock out the web interface from any TCP/IP address that is not pre-approved.

Lyris supports unsubscribing by email. The simplest way to unsubscribe from a Lyris mailing list is to send email to the unsubscribe address that Lyris generates for each member. For example, if you are on a mailing list called "jazztalk", the unsubscribe address that Lyris displays for you might be:

Only member 4323 will see this address. When email arrives at Lyris addressed to it, Lyris unsubscribes that member. The final "P" in the address is a "check character": if someone malicious changes the number to something else, say "4000", and mails to the altered address, Lyris sees that the number has been tampered with, because "P" is not the correct check character for the number "4000". In that case Lyris treats the message as an ordinary unsubscribe request, and unsubscribes the sender of the message rather than member 4000.

Lyris has three levels of unsubscribe confirmation. An unsubscribe confirmation is an additional step that Lyris takes when someone tries to unsubscribe: instead of immediately unsubscribing the person, Lyris sends an unsubscribe confirmation email message to the email address of the member. The member receives the message and follows its instructions (which involve replying to the message) in order to be unsubscribed.

By default, all Lyris mailing lists are set to confirm "suspicious" unsubscribes. By "suspicious", we mean an unsubscribe request about which something does not look right. For example, if the MAIL FROM (i.e., the Return-Path:) or the From: header does not match the address of the member being unsubscribed, Lyris considers the unsubscribe suspicious and requires confirmation before acting on it.

As a list administrator, you can also choose never to confirm unsubscribes, or to confirm all unsubscribes. You might choose never to confirm unsubscribes on an announcement list, where members are not aware of each other and thus cannot try to maliciously unsubscribe one another. On a close-knit discussion group, where all the members should stay on the mailing list, you might want to confirm all unsubscribes.
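The per-member address with a check character and the three confirmation levels described above, worked through in code. This is an added illustration, not Lyris's own code: the address format (leave-listname-NUMBER plus one check letter) and the check-character function (a position-weighted digit sum mod 26) are assumptions, since the manual does not document the real ones, so the letter this code produces for member 4323 differs from the "P" shown in the text. The membership table and the sample messages are constructed.

```python
"""Per-member unsubscribe addresses with a check character, plus the
three-level unsubscribe confirmation policy.

Added illustration, not Lyris code.  Assumptions (not from the manual):
- the address format  leave-<list>-<number><check>@<host>
- the check-character function (position-weighted digit sum mod 26)
"""
import re
import string

LETTERS = string.ascii_uppercase

# Constructed membership table: member number -> email address.
MEMBERS = {
    4323: "alice@example.com",
    4000: "bob@example.com",
}

# Assumed address layout: leave-<list>-<number><one check letter>@host
ADDRESS_RE = re.compile(
    r"^leave-(?P<list>[a-z0-9]+)-(?P<num>\d+)(?P<chk>[A-Z])@", re.IGNORECASE
)


def check_char(member_id: int) -> str:
    """Hypothetical check character: position-weighted digit sum, mod 26.

    One letter can only take 26 values, so this detects a number that was
    edited casually; it is not a secret.  The confirmation policy below is
    what protects against a determined forger.
    """
    digits = [int(d) for d in str(member_id)]
    total = sum((i + 1) * d for i, d in enumerate(reversed(digits)))
    return LETTERS[total % 26]


def unsubscribe_address(list_name: str, member_id: int,
                        host: str = "lists.example.com") -> str:
    """The per-member address that would be merged into each outgoing message."""
    return f"leave-{list_name}-{member_id}{check_char(member_id)}@{host}"


def member_from_address(address: str):
    """Return the member number encoded in a per-member unsubscribe address,
    or None if the address is generic or its number has been tampered with."""
    m = ADDRESS_RE.match(address)
    if m is None:
        return None
    number = int(m.group("num"))
    if check_char(number) != m.group("chk").upper():
        return None  # number and check character disagree: tampered
    return number


def decide_unsubscribe(to_addr: str, mail_from: str, header_from: str,
                       policy: str = "suspicious"):
    """Decide what to do with an incoming unsubscribe message.

    policy is "never", "suspicious" (the default) or "always", matching the
    three confirmation levels.  Returns (target_email, action) where action
    is "unsubscribe", "confirm" or "ignore".
    """
    number = member_from_address(to_addr)
    if number in MEMBERS:
        target = MEMBERS[number]
    else:
        # Generic or tampered address: treat it as a request from the sender.
        target = mail_from.lower()
        if target not in MEMBERS.values():
            return (None, "ignore")

    # "Suspicious": envelope sender or From: does not match the member.
    suspicious = mail_from.lower() != target or header_from.lower() != target

    if policy == "never":
        return (target, "unsubscribe")
    if policy == "always":
        return (target, "confirm")
    return (target, "confirm" if suspicious else "unsubscribe")


if __name__ == "__main__":
    alice = unsubscribe_address("jazztalk", 4323)
    print(alice)  # leave-jazztalk-4323G@lists.example.com
    # Alice's own request from her own address: unsubscribed immediately.
    print(decide_unsubscribe(alice, "alice@example.com", "alice@example.com"))
    # Mallory edits the number to 4000 but keeps Alice's check character.
    tampered = alice.replace("4323", "4000")
    print(member_from_address(tampered))  # None: check character mismatch
    print(decide_unsubscribe(tampered, "mallory@example.net", "mallory@example.net"))
    # Mallory mails Alice's real address: suspicious, so Alice must confirm.
    print(decide_unsubscribe(alice, "mallory@example.net", "mallory@example.net"))
```

Note the two separate defences at work: the check character catches an edited member number and makes Lyris fall back to treating the mail as coming from its sender, while the sender/From: comparison is what turns a forged request for a valid address into a confirmation rather than an immediate unsubscribe.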

Note that identifying the email address to unsubscribe is a major problem with most other list servers. For example, if you subscribe to a mailing list under one form of your email address, and a corporate mail system change later alters that address in some subtle way, most list servers will not be able to unsubscribe you automatically, because they have no way to know that you are the same person in both cases.

Some list servers, such as majordomo, let you specify another email address to unsubscribe. This approach solves the immediate problem of not being able to unsubscribe, but has several major drawbacks. First, allowing anyone to unsubscribe any email address they please is a major security hole. Second, it presumes that the person realizes their email address has changed in this subtle way, and knows enough about the list server to issue the modified unsubscribe command. Some list servers work around this second problem by letting people obtain the list of members, so they can look for a previous email address of theirs on it. Of course, that is also a security hole, since it allows anyone to obtain your member list.

The Lyris approach, of per-member unsubscribe addresses with a check character, avoids these problems, requires no special knowledge on the part of the member, and works very well. Keep in mind that a single check character only detects an altered member number; it is not a secret, so the confirmation of suspicious unsubscribes described above remains the real safeguard against someone deliberately unsubscribing another member.

The per-member unsubscribe address is implemented in Lyris as a mail merge tag, so that each member receives a unique email message customized for their membership. By default, this tag is inserted in the header of each outgoing message and is also included in the default footer. You can remove either tag as you wish, though for infrequent announcement lists we recommend leaving the unsubscribe directions in the footer.

As for changing settings by email, Lyris does not send a confirmation message before a setting is changed. However, Lyris does send a notification email message to the email address of the member, letting them know that their settings have been changed. This is generally effective in preventing security problems, as changing other people's settings is not a common type of security breach.
