on 8/4/00 7:51 PM, Richard Johnson at rdump@river.com wrote: > There is only one reliable way to do it. At the time you gather the > address in the first place, require a handshake. Send the address a unique > token with instructions to return the token only if the address owner > really means to sign up for whatever you're offering. If the token is > returned, then you know both that the address is valid, and the owner > wasn't being spoofed by some vandal. This actually has a bearing on my current job. ;-) Please see: http://www.mail-abuse.org/manage.html (Basic Mailing List Management Principles for Preventing Abuse) What Richard is proposing above is simply the most common way of creating a Verified Opt-in process. This prevents a LOAD of grief later from users who mistype their email addresses, vandals who forge-subscribe enemies, and so forth. Another method is to send the subscriber a password, and make them visit a website where they can confirm their subscription. The reasons for doing a three-way handshake are simple in concept, but rather hard to explain to those not fully familiar with the issues. There is a LONG history of abuse, and many people will be greatly unhappy if you set up your system in such a way that it *can* be abused. A confirmation is needed, because initially you can not be sure of the identity of the sender. You need to insure that the information supplied is correct, that the sender is indeed who he/she claims, and that whatever email service you are providing is actually *wanted*. And yes, this can all be done in Perl... (barely managed to stay on topic). --Brian -- bmcnett@dante.mail-abuse.org <-- Network Abuse Incident Investigator webmaster@mycoinfo.com <-- The World's First Mycology E-Journal bmcnett@krl.org <-- Supporting Free Community Internet Access brianmc@telebyte.net <-- And I *DO* have a life! # ===== Want to unsubscribe from this list? # ===== Send mail with body "unsubscribe" to macperl-request@macperl.org