Security Recommendations for Announcement lists
With announcement lists, it is known that disreputable persons forge the From: headers of their email messages, in order to try to appear as the administrator, so that their
advertisements are distributed on other people's mailing lists. For this reason, on announcement lists, we recommend that you take the following steps:
* first, make your list posting by administrators only
* then, either set the list to moderate all messages (including your own) or use an action phrase to set up a posting password/secret code to reject all messages that do not have the required code.
Alternatively, you can use the password-based posting feature that was introduced in Lyris version 2.548.
A more radical step is to disallow email submissions entirely, and only use the Lyris web interface to create messages. Yet even more secure would be to put the Lyris web interface behind a
firewall, so that outsiders cannot get to it, or to put it in an undocumented server location, so that other people do not know it is there.
A complete listing of every security feature for posting is available in the section titled Security Features for Posting Messages.