On my LISTSERV list, what security settings are available?
LISTSERV mailing lists have become a prime target for spam. If you maintain a LISTSERV mailing list, you can protect your subscribers from unwanted or harassing messages by setting a personal password and using certain keyword settings in your list's header (see below).
Use a personal password
Set up a personal password for each list you own to prevent a hacker from making changes to your list by spoofing your email address. Finding a list owner's email address and spoofing email are not difficult to do, and thus your list is vulnerable to attack until you set a personal password; see In LISTSERV, how do I set or change a personal password?
Recommended keyword settings
To protect your subscribers from unwanted messages, UITS recommends the following keyword settings:
| Keyword and setting | Explanation |
|---|---|
|
| |
| Attachment= No | Only plain text and HTML text attachments will be posted to the list. All other types will be rejected. |
|
| |
| Confidential= Yes | The web advertises a global list of
mailing lists, which is available to the general public. Use this
setting to prevent your list from appearing globally.
Note: At Indiana University, when you create a LISTSERV list, it is confidential unless you specifically request that the list be public. If you want to advertise your list, don't use this keyword. |
|
| |
Editor=
username@hostname.domain,username2@hostname.domain
|
Replace the generic email addresses with the addresses of your list's editors (i.e., those people who can post directly to your list). |
|
| |
Moderator=
All,username@hostname.domain,username2@hostname.domain
|
A moderated list has at least one editor (i.e., moderator) who reviews all
messages sent to the list, and decides whether or not messages should
be posted to the list (i.e., sent out to the subscribers). Spam is
less likely to appear on a moderated list, because all incoming
messages are reviewed and approved before they are posted to the list.
With this setting, postings will go to all moderators for approval. Replace the generic email addresses with the addresses of those people who will be moderating your list. |
|
| |
| Review= Owner | The Review keyword controls who may view the email addresses and names of the subscribers on a list. With this setting, only the list owner can review the subscriber list. |
|
| |
| Send= Editor,Hold,Confirm
or |
The Send keyword controls who may post mail to the list. With this setting, any file or piece of mail sent to the list will be forwarded to the list editor(s), allowing the editor(s) to make changes before a message is posted. Messages will be held for a period of time (usually seven days) until an editor confirms the message with the OK mechanism. Unconfirmed messages will expire and be purged by LISTSERV. Postings coming directly from an editor must be confirmed with the OK mechanism. |
| Send= Private,Confirm or |
With this setting, only subscribers can post to the list, but each message must be confirmed by a moderator. |
| Send= Public,Confirm | With this setting, anyone is allowed to post to the list, but each message must be confirmed by a moderator. |
|
| |
| Subscription=
By_Owner or |
The Subscription keyword controls who can subscribe to your list. With this setting, the list owner will receive all subscription requests for approval. |
| Subscription= Closed | With this setting, subscription requests are not allowed. Only the owner will be able to add new subscribers. |
|
| |
| Validate= Yes,Confirm | The Validate keyword sets the level of password validation that is required for list maintenance commands. With this setting, list maintenance commands must be validated using the OK mechanism. Personal passwords will be accepted where appropriate. |
|
| |
For more, see On my LISTSERV list, how can I modify the list header? and What information is stored in a LISTSERV list header file?
For more about spam and LISTSERV, see L-Soft's About Spam page.
Last modified on November 17, 2009.
