
Re: A proposed Change to the "message" command.



On Sun, 2 Mar 2003, Richard Rognlie wrote:

> some time ago, it was pointed out to me that pbmserv was "leaking"
> player information if they used the "message" command to send
> a message to other players.  and on investigation, it was completely
> confirmed.
>
> If you used the message command to send a message to another player
> they would see your return email address.  So we changed the message
> command to be "From" pbmserv.  It makes it harder to reply.  Now you
> must remember to change the Subject: into the appropriate command, etc.
> etc.
>
> and I can't tell you how many times I've replied, only to have it
> bounce because I forgot to frob with the Subject line...
>
> So... I'm contemplating a new pbmserv service.  And that would be
> the creation of a pbmserv email "alias" for each pbmserv user.
>
>     e.g. rrognlie@pbmserv.gamerz.net
>
> so, if you want to send a message to a number of players on the
> server, just CC all of them in your normal email client.  If you
> wish to remain anonymous...  the message command will continue to
> work, using the same mechanism, but IT would set the From address
> for you (and no longer make pbmserv@gamerz.net the sender).

Well, currently when I receive a message, the "From:" line is
"user via <pbmserv@gamerz.net>".  And when I reply, this is put into the
"To:" line.

So it seems to me it would not be too hard to have pbmserv.pl check for
"via" in the "To:" line, and forward the message to the user whose name is
before the "via".

On the other hand, the end result of that is really not any different from
your proposal.  So, um, maybe forget I said anything...

> THIS IS JUST A PROPOSAL.  I've not started doing anything with it
> yet.  Are there any privacy concerns here?   And how might we
> see about addressing possible SPAM issues...?
>
> Should only addresses associated with pbmserv userids be allowed
> to post to other pbmserv users?

I think this would be a good idea.  With the message command, the user
verifies himself with his password.  If he simply replies to a message,
you can use his "from" address to verify him.  One could not simply reply
from a different email address, but the message command is still available
if that is the case.

And if you really want to protect privacy, after validating the sender's
address, you could replace it with the "user@pbmserv.gamerz.net" address.

~ John Williams
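
The relay discussed in this thread (accept mail only from a registered address, then replace that address with the sender's alias) could look like the following. This is an added example, not part of the original message and not pbmserv's own code; the `USERS` registry, the `relay` function, the kept-header list and the sample message are all assumptions made for illustration.

```python
from email import message_from_string
from email.message import Message
from email.utils import getaddresses, parseaddr

ALIAS_DOMAIN = "pbmserv.gamerz.net"  # alias domain named in the proposal

# Constructed registry (hypothetical): pbmserv userid -> registered address.
USERS = {"alice": "alice@example.org", "bob": "bob@example.net"}
BY_ADDRESS = {addr.lower(): uid for uid, addr in USERS.items()}

# Only these headers are copied; Received, Reply-To, Message-ID and the
# rest are dropped because they can reveal the sender's real address.
KEEP = ("Subject", "Date", "MIME-Version", "Content-Type",
        "Content-Transfer-Encoding")

def relay(raw):
    """Return (real recipient addresses, rewritten message)."""
    msg = message_from_string(raw)
    # From is sender-supplied: this check trusts upstream authentication.
    sender_id = BY_ADDRESS.get(parseaddr(msg.get("From", ""))[1].lower())
    if sender_id is None:
        raise PermissionError("From address is not a registered user")
    rcpts, aliases = [], []
    for _, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", [])):
        local, _, domain = addr.lower().partition("@")
        if domain == ALIAS_DOMAIN and local in USERS:
            rcpts.append(USERS[local])
            aliases.append(f"{local}@{ALIAS_DOMAIN}")
    if not rcpts:
        raise LookupError("no recipient is a known alias")
    out = Message()
    for name in KEEP:
        if name in msg:
            out[name] = msg[name]
    out["From"] = f"{sender_id}@{ALIAS_DOMAIN}"
    out["To"] = ", ".join(aliases)
    out.set_payload(msg.get_payload())
    return rcpts, out

# Constructed sample message.
SAMPLE = """\
From: Alice <alice@example.org>
Reply-To: alice@example.org
To: bob@pbmserv.gamerz.net, stranger@elsewhere.example
Subject: your move

Good game so far.
"""
```

Building the outgoing message from an allow-list of headers, rather than deleting known-bad ones, keeps an unanticipated header from carrying the real address through.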