The mailing list program ezmlm does use the Return-Path from the mail as the address to subscribe and the one it sends the confirmation mail to. The Return-Path is the SMTP envelope sender set with the MAIL FROM command. You usually can't forge this on Unix machines when going through the sendmail process. You can set this when talking directly to the SMTP server but many SMTP servers have limitations on what address they accept. If you are talking to your own mail server, you can configure it to accept these messages but make sure you don't allow your mail server to become a spam relay.

I would argue that ezmlm's behavior is wrong. It should use the From: header to determine the address to subscribe. Its behavior inhibits what you are trying to do of generating a subscription message on behalf of someone else. By forging the Return-Path all bounce messages will go to the user. They really should go to an address that you look at. It doesn't provide any extra security from forgery or spam because the return-path is as easy to forge as the From: header.

You probably don't have any choice in which mailing list program you are using. If you have control of the mailing list, you might want to check if there is some way you can change this behavior. Or if there is some way to access the subscription process.


In reply to Re: Re: Re: form+subscription+Perl+sendmail = TROLL by iburrell
in thread form+subscription+Perl+sendmail = TROLL by vnomad
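
The distinction the post draws between the envelope sender (Return-Path) and the From: header, as an added example that is not part of the original post or of ezmlm: a check a list operator could run over delivered subscription requests to see which address would be subscribed and whether the two senders disagree. The function names and sample messages are constructed, and it assumes the delivering MTA recorded the envelope sender in a Return-Path header.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (assumptions, not from the original post).
SAMPLE_MATCH = (
    "Return-Path: <alice@example.org>\n"
    "From: Alice <alice@EXAMPLE.org>\n"
    "To: list-subscribe@lists.example.net\n"
    "Subject: subscribe\n\n"
)
SAMPLE_MISMATCH = (
    "Return-Path: <webform@example.com>\n"
    "From: Bob <bob@example.org>\n"
    "To: list-subscribe@lists.example.net\n"
    "Subject: subscribe\n\n"
)
SAMPLE_NULL_SENDER = (
    "Return-Path: <>\n"
    "From: Mailer <postmaster@example.org>\n"
    "To: list-subscribe@lists.example.net\n\n"
)


def normalize(addr):
    """Lower-case only the domain; local parts may be case-sensitive."""
    local, sep, domain = addr.rpartition("@")
    return f"{local}@{domain.lower()}" if sep else addr


def check_request(raw):
    """Report the envelope sender, the From: address and whether they differ."""
    msg = message_from_string(raw)
    envelope = normalize(parseaddr(msg.get("Return-Path", ""))[1])
    header_from = normalize(parseaddr(msg.get("From", ""))[1])
    if not envelope:
        # Null sender (<>) marks bounces and auto-replies: nothing to subscribe.
        status = "no-envelope-sender"
    elif envelope != header_from:
        status = "mismatch"
    else:
        status = "match"
    # Per the post, the envelope sender is the address that gets the confirmation.
    return {"envelope": envelope, "header_from": header_from, "status": status}


if __name__ == "__main__":
    for sample in (SAMPLE_MATCH, SAMPLE_MISMATCH, SAMPLE_NULL_SENDER):
        print(check_request(sample))
```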
