
en - Re: [sympa-users] Tickets incompatible with some anti-malware tools

Subject: The mailing list for listmasters using Sympa

  • From: IKEDA Soji <address@concealed>
  • To: address@concealed
  • Subject: Re: [sympa-users] Tickets incompatible with some anti-malware tools
  • Date: Sun, 9 Mar 2014 18:08:43 +0900

Hi Sympa folks,

On Thu, 06 Mar 2014 09:03:23 -0800
Adam Bernstein <address@concealed> wrote:

> > So the only solution I see is for you to encourage your users to change
> > for another anti-phishing solution or, at least, to switch the "links
> > visit functionality" off.
>
> For what it's worth, we've started seeing this problem with our users
> too - and we have no control at all over subscribers' email systems.
> Hundreds of clients host their lists on our server, and their lists
> contain hundreds or thousands of users from around the world, so there
> are at least two levels of disconnect between subscribers' choices and
> our ability to influence them.
>
> We know one-time ticketing is in use in many places, and I see no
> obvious way on the server side to deal with this client-side issue of
> malware scanners, but I just wanted to chime in. This is an issue we're
> going to see more of, and have no way of responding to.
>
> But maybe, I don't know, could they be *two-time* tickets...? (In fact,
> that would also help with another issue we see: people sometimes
> double-click the ticket link, thus accidentally blocking themselves.)

I am thinking of a "lock-out" feature for one-time tickets.

For example, once a user follows the ticket link, hereafter only
her/his client will be allowed: any accesses from other IPs will be
refused.

Such a feature may work well in university/enterprise cases: each
client is often expected to be assigned a fixed IP. However, it
can be of no help in NPO or personal cases: commercial providers
frequently update IP leases.

The second-best I can think of is locking out based on a cookie:
once a user follows the link, only accesses with the same session cookie
will be allowed as long as the session continues.

Are such features promising?


Regards,

--- Soji

--
Conversion Co., Ltd., Security & OSS Solutions Department, IKEDA Soji
Helios Kannai Bldg. 7F, 3-21-2 Motohama-cho, Naka-ku, Yokohama, Kanagawa 231-0004, Japan
e-mail address@concealed TEL 045-640-3550
http://www.conversion.co.jp/
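
The cookie-based lock-out proposed in the message above, sketched as an added example (not part of the original message and not Sympa's code). The `TicketStore` class, its method names and the in-memory storage are assumptions made for illustration.

```python
import hmac
import secrets
import time


class TicketStore:
    """Hypothetical store: a ticket locks to the first session that follows it."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._tickets = {}  # ticket -> {"email", "expires", "session"}

    def issue(self, email, now=None):
        now = time.time() if now is None else now
        ticket = secrets.token_urlsafe(32)
        self._tickets[ticket] = {
            "email": email, "expires": now + self.ttl, "session": None}
        return ticket

    def redeem(self, ticket, session_cookie, now=None):
        """Return (email, session_id) if access is allowed, else (None, None).

        session_cookie is the value the client sent, or None if it sent none.
        """
        now = time.time() if now is None else now
        entry = self._tickets.get(ticket)
        if entry is None or now > entry["expires"]:
            self._tickets.pop(ticket, None)  # unknown or expired ticket
            return None, None
        if entry["session"] is None:
            # First visit: always mint a fresh session id (never adopt a
            # client-supplied value) and lock the ticket to it. Whoever
            # follows the link first holds the ticket from here on.
            entry["session"] = secrets.token_urlsafe(32)
            return entry["email"], entry["session"]
        # Later visits (e.g. a double-click): allowed only when the client
        # presents the same session cookie; compared in constant time.
        if session_cookie is not None and hmac.compare_digest(
                session_cookie.encode(), entry["session"].encode()):
            return entry["email"], entry["session"]
        return None, None


if __name__ == "__main__":
    store = TicketStore()
    t = store.issue("subscriber@example.org")      # constructed address
    email, sid = store.redeem(t, None)             # first click
    print("first click:", email)
    print("double-click:", store.redeem(t, sid)[0])
    print("other client:", store.redeem(t, None)[0])
```
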



