It is possible to mailbomb a third party by repeatedly posting the subscribe form.
Bug #1859104 reported by
Mark Sapiro
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| GNU Mailman |
Fix Released
|
Medium
|
Mark Sapiro | ||
Bug Description
This can be prevented by refusing to pend a subscription when one is already pending, but that means if a subscriber loses or doesn't receive the confirmation request email, she has to wait PENDING_
It can also be avoided by setting the list's subscribe_policy to Moderate, but that may not be desirable in many cases.
Because of these considerations, I will implement the refusal to pend a subscription when one is already pending, but make that depend on a new REFUSE_
Related branches
| Changed in mailman: | |
| status: | In Progress → Fix Committed |
| Changed in mailman: | |
| status: | Fix Committed → Fix Released |
| assignee: | nobody → Mark Sapiro (msapiro) |
To post a comment you must log in.
