The mailing list for listmasters using Sympa

[Dan Pritts <address@concealed>]

> On 27/09/10 15:54, Roger B.A. Klorese wrote:
>> So you're good with people forging subscriptions through your web form for 
>> others to harrass them, so you'd spam them on their behalf?
> I think the chances of that happening are negligible.

It used to be pretty common back before most MLM software required a 
confirmation.  Whether you'll have security-through-obscurity because nobody 
will expect it to be possible any more, I dunno.

I certainly would not configure a list server that way.

> Could someone not spoof a subscribe email to Sympa to the same effect?

If they can really do this without sympa requiring a second confirmation 
message, then yes, this is possible.  

without thinking too hard about it, it must be possible to write a scenario 
file that allows this.  

If such a scenario file ships with sympa, IMO that is a bug that should be 
fixed quickly.