Lyris User's Guide
[previous] [next] [contents]
Security Recommendations for Announcement lists
Table of Contents
Introduction
Lyris Email Commands
Web Interface for Users
Server Administrator
Site Administrator
List Administrator
Other Topics
Security Considerations
Security Issues Relating to Members
Access to the list archives
Access to the list of members
Access to Subscribe to the Mailing List
Steps to restrict false impersonations
Security Features for Posting Messages
Access to unsubscribe and change settings
Visibility of the existence of the mailing list
Web Interface Access
Overview of Lyris Posting Security
Security Considerations of the From: field
Security Recommendations for Announcement lists
How Lyris Determines the Identity of the Person Posting
Lyris Mail Merge
The Lyris command line
Modifying lyris.plc
Add-On Packages
Installing and Upgrading
Appendix
Frequently Asked Questions

Security Recommendations for Announcement lists

With announcement lists, it is known that disreputable persons forge the From: headers of their email messages, in order to try to appear as the administrator, so that their advertisements are distributed on other people's mailing lists. For this reason, on announcement lists, we recommend that you take the following steps:

* first, make your list posting by administrators only

* then, either set the list to moderate all messages (including your own) or use an action phrase to set up a posting password/secret code to reject all messages that do not have the required code. Alternatively, you can use the password-based posting feature that was introduced in Lyris version 2.548.

A more radical step is to disallow email submissions entirely, and only use the Lyris web interface to create messages. Yet even more secure would be to put the Lyris web interface behind a firewall, so that outsiders cannot get to it, or to put it in an undocumented server location, so that other people do not know it is there.

A complete listing of every security feature for posting is available in the section titled Security Features for Posting Messages.

Other pages which link to this page:
  • Security Issues Relating to Members
  • Page 397 of 556