Subject:
|
Re: E-mail authentication during posting
|
Newsgroups:
|
lugnet.admin.nntp
|
Date:
|
Tue, 19 Jun 2001 00:20:50 GMT
|
Viewed:
|
566 times
|
| |
|
|
This is really annoying and is impacting my posting frequency.
Since I use a cable modem, I'm always posting from the same IP address. Is
there any way to enter an IP address as "authorized" to be myself?
If that won't work, how about making it so we can just reply to the email
instead of going to the web page. I think I could create an auto-reply rule
or something in my mail program that would make this automatic.
LUGNET Admin <todd@lugnet.com> wrote in message
news:GF40AG.31A@lugnet.com...
> The Quick Summary
> =================
>
> Effectively immediately, all LUGNET News posts now require e-mail
> authentication after posting, in order to prevent the continuance of • forged
> messages. An exception to this rule is if you are a member and signed-in
> through the web interface, in which case the system has already • authenticated
> you and simply logs your Member-ID in the message headers.
>
>
> The Explanation
> ===============
>
> The message transport system which LUGNET uses is based on trust and • honesty.
> It is an open system called NNTP (Network News Transport Protocol) in • which
> it is actually relatively easy for someone to dishonestly forge • messages --
> to cause them to appear as though they were written by someone other than • you.
>
> We've been lucky as a community that we were able to get this far (more • than
> two years -- almost three) without a dire need for authentication of • messages.
> Recently, however, there has been a spate of message forgeries. These
> forgeries have to stop.
>
> The simplest way around this is for the server to accept a message, then • send
> a quick confirmation e-mail to the poster listed in the From: header. • This
> e-mail contains a special URL which will authenticate or "release" the • message
> into the pool of active messages. Click that URL, then click "Post It" • and
> you're all set.
>
> I'm sorry that this extra step had to be imposed, but in retrospect, it • seems
> foolish that it wasn't there all along.
>
> BTW, if you are a LUGNET Member and you are signed in and post messages • via
> the web interface, the system already knows who you are, and it won't send
> you an e-mail asking you to authenticate your messages. There is • (currently)
> a slight loophole here in that a member could (if they jumped through • enough
> hoops) actually still provide a false e-mail address, but the Member-ID • number
> is logged in the article headers, so if someone does this, it will be • possible
> to know whom to give the boot. I'll be doing some more work later to • close up
> this loophole.
>
> --
> Todd S. Lehman | LUGNET Admin <todd@lugnet.com>
>
> p.s. My apologies if this message reaches you twice at different e-mail
> addresses...the address list I used was the entire database of everyone • who
> has registered for posting privileges at LUGNET, and I didn't want to risk
> guessing wrong about which addresses are people's primary ones.
|
|
Message has 4 Replies:
 | | Re: E-mail authentication during posting
|
| (...) Ditto. I have a static IP as well. But I think it's possible people may post from more than one place, so if this is done, it should be allowed to enter more than one IP address, or to allow the authentication mechanism to work if you are not (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
| | | Re: E-mail authentication during posting
|
| (...) but by doing that, you'll be breaking the whole authentication process - If I know that you have such a rule that auto authorizes posts by you, I can spoof posts as you with no problem... your auto-reply will authorize them without (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
| | | Re: E-mail authentication during posting
|
| (...) Not currently, no. Let me think about IP-based authentication for a while. (...) This I can definitely do, but it will have to be at least somewhat interactive so that someone doesn't accidentally cause a message to get posted simply by (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
|
15 Messages in This Thread:
 
 
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
