Lyris User's Guide
[previous] [next] [contents]
Confirmed subscriptions
Table of Contents
Introduction
Lyris Email Commands
Web Interface for Users
Server Administrator
Site Administrator
List Administrator
Other Topics
Security Considerations
Security Issues Relating to Members
Access to the list archives
Access to the list of members
Access to Subscribe to the Mailing List
Steps to restrict false impersonations
Security Features for Posting Messages
List admin posting
Admin Moderation
Number moderating
Allow Non-Member Posting
Action Phrase Restrictions
Password based posting
Banning members
Disallow Email Posting
Secure HTTP web interface
Lyris extensions
Confirmed subscriptions
Duplicate messages
Cross-posting
Maximum posts per member
Maximum quoting allowed
Maximum Messages Per Day
Limit the Message Size
Reject Email Attachments
Moderator auto-approval
Command detection
Anonymous Postings
Access to unsubscribe and change settings
Visibility of the existence of the mailing list
Web Interface Access
Overview of Lyris Posting Security
Security Considerations of the From: field
Security Recommendations for Announcement lists
How Lyris Determines the Identity of the Person Posting
Lyris Mail Merge
The Lyris command line
Modifying lyris.plc
Add-On Packages
Installing and Upgrading
Appendix
Frequently Asked Questions

Confirmed subscriptions

Lyris can send a "confirmation request" when a person asks to subscribe to a mailing list. The confirmation request message is sent to the email address that was subscribed. The person must receive this confirmation request message, and reply to it, in order for the membership to be activated. With a confirmed subscription, Lyris has proven that the email address given to Lyris is indeed the email address of the person who requested the subscription.

Confirmed subscriptions prevent two problems:

a) people sometimes join a mailing list under a fake email address, in order to post harassing or otherwise inappropriate messages to the mailing list. With a confirmed subscription, people must use an email address that they can receive email at, which provides a "paper trail" that points back to a real person.

b) in order to harass other people, some malicious people will subscribe the other person to mailing lists that the person never asked to be signed up to. If enough mailing lists are involved, the person may receive a huge amount of email, and this can be a real inconvenience to them. This is especially a problem when a web form is used to subscribe people, as it is very easy to enter someone else's email address in that form. Confirmed subscription solve this problem, because the person being abused gets the confirmation request, and does not confirm, so that they membership is never activated.

Other pages which link to this page:
  • Security Features for Posting Messages
  • Page 381 of 556