| |
Well, I understand the problem, but also see another one with this.
For people personally paying for their bandwith it will just be even more
expensive.
I tested only one message now, but how about checking several messages at
once?
Or a better solution.
I apriciate your concern, but I think there is a better solution.
Sonnich
LUGNET Admin <todd@lugnet.com> wrote in message
news:GF40AG.31A@lugnet.com...
> The Quick Summary
> =================
>
> Effectively immediately, all LUGNET News posts now require e-mail
> authentication after posting, in order to prevent the continuance of • forged
> messages. An exception to this rule is if you are a member and signed-in
> through the web interface, in which case the system has already • authenticated
> you and simply logs your Member-ID in the message headers.
>
>
> The Explanation
> ===============
>
> The message transport system which LUGNET uses is based on trust and • honesty.
> It is an open system called NNTP (Network News Transport Protocol) in • which
> it is actually relatively easy for someone to dishonestly forge • messages --
> to cause them to appear as though they were written by someone other than • you.
>
> We've been lucky as a community that we were able to get this far (more • than
> two years -- almost three) without a dire need for authentication of • messages.
> Recently, however, there has been a spate of message forgeries. These
> forgeries have to stop.
>
> The simplest way around this is for the server to accept a message, then • send
> a quick confirmation e-mail to the poster listed in the From: header. • This
> e-mail contains a special URL which will authenticate or "release" the • message
> into the pool of active messages. Click that URL, then click "Post It" • and
> you're all set.
>
> I'm sorry that this extra step had to be imposed, but in retrospect, it • seems
> foolish that it wasn't there all along.
>
> BTW, if you are a LUGNET Member and you are signed in and post messages • via
> the web interface, the system already knows who you are, and it won't send
> you an e-mail asking you to authenticate your messages. There is • (currently)
> a slight loophole here in that a member could (if they jumped through • enough
> hoops) actually still provide a false e-mail address, but the Member-ID • number
> is logged in the article headers, so if someone does this, it will be • possible
> to know whom to give the boot. I'll be doing some more work later to • close up
> this loophole.
>
> --
> Todd S. Lehman | LUGNET Admin <todd@lugnet.com>
>
> p.s. My apologies if this message reaches you twice at different e-mail
> addresses...the address list I used was the entire database of everyone • who
> has registered for posting privileges at LUGNET, and I didn't want to risk
> guessing wrong about which addresses are people's primary ones.
|
|
1 Message in This Thread:
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
