Subject:
|
Re: E-mail authentication during posting
|
Newsgroups:
|
lugnet.admin.nntp
|
Date:
|
Mon, 18 Jun 2001 19:42:43 GMT
|
Viewed:
|
537 times
|
| |
|
|
Hi Todd,
I understand the reasons for doing this, but unfortunately, I used a
newsreader to check LUGNet. Now if I want to post, I'll have to go to my
browser, look up the newsgroup, find the message I want to respond to, and
then post. Needless to say, I think my posting will see a dramatic drop in
frequency.
I appreciate your efforts to solve the problem, however.
:^(
~Mark
In lugnet.announce, Todd Lehman writes:
> The Quick Summary
> =================
>
> Effectively immediately, all LUGNET News posts now require e-mail
> authentication after posting, in order to prevent the continuance of forged
> messages. An exception to this rule is if you are a member and signed-in
> through the web interface, in which case the system has already authenticated
> you and simply logs your Member-ID in the message headers.
>
>
> The Explanation
> ===============
>
> The message transport system which LUGNET uses is based on trust and honesty.
> It is an open system called NNTP (Network News Transport Protocol) in which
> it is actually relatively easy for someone to dishonestly forge messages --
> to cause them to appear as though they were written by someone other than you.
>
> We've been lucky as a community that we were able to get this far (more than
> two years -- almost three) without a dire need for authentication of messages.
> Recently, however, there has been a spate of message forgeries. These
> forgeries have to stop.
>
> The simplest way around this is for the server to accept a message, then send
> a quick confirmation e-mail to the poster listed in the From: header. This
> e-mail contains a special URL which will authenticate or "release" the message
> into the pool of active messages. Click that URL, then click "Post It" and
> you're all set.
>
> I'm sorry that this extra step had to be imposed, but in retrospect, it seems
> foolish that it wasn't there all along.
>
> BTW, if you are a LUGNET Member and you are signed in and post messages via
> the web interface, the system already knows who you are, and it won't send
> you an e-mail asking you to authenticate your messages. There is (currently)
> a slight loophole here in that a member could (if they jumped through enough
> hoops) actually still provide a false e-mail address, but the Member-ID number
> is logged in the article headers, so if someone does this, it will be possible
> to know whom to give the boot. I'll be doing some more work later to close up
> this loophole.
>
> --
> Todd S. Lehman | LUGNET Admin <todd@lugnet.com>
>
> p.s. My apologies if this message reaches you twice at different e-mail
> addresses...the address list I used was the entire database of everyone who
> has registered for posting privileges at LUGNET, and I didn't want to risk
> guessing wrong about which addresses are people's primary ones.
|
|
Message has 1 Reply:
 | | Re: E-mail authentication during posting
|
| "Mark Sandlin" <sandlin@nwlink.com> wrote in message news:GF55F7.Bp4@lugnet.com... (...) I have to agree with Mark. We also post via newsreader and this new method of posting will probably drop the number of messages I post. I also have the problem (...) (23 years ago, 18-Jun-01, to lugnet.admin.nntp)
|
3 Messages in This Thread:
 
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
