Lyris User's Guide
[previous] [next] [contents]
Security Considerations of the From: field
Table of Contents
Lyris Email Commands
Web Interface for Users
Server Administrator
Site Administrator
List Administrator
Other Topics
Security Considerations
Security Issues Relating to Members
Access to the list archives
Access to the list of members
Access to Subscribe to the Mailing List
Steps to restrict false impersonations
Security Features for Posting Messages
Access to unsubscribe and change settings
Visibility of the existence of the mailing list
Web Interface Access
Overview of Lyris Posting Security
Security Considerations of the From: field
Security Recommendations for Announcement lists
How Lyris Determines the Identity of the Person Posting
Lyris Mail Merge
The Lyris command line
Modifying lyris.plc
Add-On Packages
Installing and Upgrading
Frequently Asked Questions

Security Considerations of the From: field

The From: field in email messages is insecure. Many mail programs, such as Netscape Mail, and Pegasus Mail, allow you to tailor the From: field to say absolutely anything you want. Thus, it is easy for anyone to send mail to someone else, and have a forged From: line.

Therefore, when messages come into Lyris, it is possible that they are forged, and that the From: is not really who the message was written by. There is no good solution to this email authentication problem at the current time. There are secure email standards, but these are not in widespread use, so they cannot be used by Lyris.

With discussion groups, the insecurity of the From: field is not usually a problem. People tend not to be malicious.

With announcement lists, we suggest that you implement additional security measures to prevent unwanted postings.

The two most commonly recommended approaches are:

1) moderate your mailing list, so that you receive a confirmation request before the posting is allowed through to the list.

2) require that the user password be included in the body of the message.

Other pages which link to this page:
  • Security Issues Relating to Members
  • Page 396 of 556