[Date Prev][Date Next][Thread Prev][Thread Next] [Search] [Date Index] [Thread Index]

Re: [MacPerl] Verifying email addresses

To: Richard Johnson <rdump@river.com>, Joseph Erickson <jerickson@eyemg.com>, MacPerl List <macperl@macperl.org>
Subject: Re: [MacPerl] Verifying email addresses
From: Brian McNett <brianmc@telebyte.net>
Date: Fri, 04 Aug 2000 22:00:04 -0700
In-Reply-To: <v03130301b5b13010aac2@oogaboogabog>

on 8/4/00 7:51 PM, Richard Johnson at rdump@river.com wrote:

> There is only one reliable way to do it.  At the time you gather the
> address in the first place, require a handshake.  Send the address a unique
> token with instructions to return the token only if the address owner
> really means to sign up for whatever you're offering.  If the token is
> returned, then you know both that the address is valid, and the owner
> wasn't being spoofed by some vandal.

This actually has a bearing on my current job. ;-)

Please see:

http://www.mail-abuse.org/manage.html (Basic Mailing List Management
Principles for Preventing Abuse)

What Richard is proposing above is simply the most common way of creating a
Verified Opt-in process.  This prevents a LOAD of grief later from users who
mistype their email addresses, vandals who forge-subscribe enemies, and so
forth. Another method is to send the subscriber a password, and make them
visit a website where they can confirm their subscription.

The reasons for doing a three-way handshake are simple in concept, but
rather hard to explain to those not fully familiar with the issues. There is
a LONG history of abuse, and many people will be greatly unhappy if you set
up your system in such a way that it *can* be abused.

A confirmation is needed, because initially you can not be sure of the
identity of the sender.  You need to insure that the information supplied is
correct, that the sender is indeed who he/she claims, and that whatever
email service you are providing is actually *wanted*.

And yes, this can all be done in Perl... (barely managed to stay on topic).

--Brian

-- 
bmcnett@dante.mail-abuse.org  <-- Network Abuse Incident Investigator
webmaster@mycoinfo.com        <-- The World's First Mycology E-Journal
bmcnett@krl.org               <-- Supporting Free Community Internet Access
brianmc@telebyte.net          <-- And I *DO* have a life!

# ===== Want to unsubscribe from this list?
# ===== Send mail with body "unsubscribe" to macperl-request@macperl.org

References:
- Re: [MacPerl] Verifying email addresses
  - From: "Richard Johnson" <rdump@river.com>

Prev by Date: Re: [MacPerl] Verifying email addresses
Next by Date: [MacPerl] MacPerl Questions...
Prev by thread: Re: [MacPerl] Verifying email addresses
Next by thread: Re: [MacPerl] Verifying email addresses
Navigation: Date Index | Thread Index | Search | Other lists at bumppo.net