Using Aurea List Manager > Utilities > List Settings > Security

Security

The Security tab is used to set security measures for the Email Submitted Content. The fields available are explained in the table below:

Field Name Description

Field Name	Description
Reject Email Submissions	This setting determines whether all submissions sent via email should be automatically rejected. By default, your list is set to allow submissions by email. If you change Reject Email Submissions to `Yes`, then any email that is sent to the list is automatically rejected. Only postings made through the Aurea List Manager web interface or via a script is allowed Email can fairly easily be spoofed; that is, someone can make the email appear to be from someone it is not from. Thus, email is not a very secure mechanism for authenticating users. Someone malicious can configure their email program to be someone else and send messages as if they were that person In most mailing list situations, users behave ethically, and do not impersonate others, so the risk of abuse is minimal. However, you may have a need to have as much security as possible so that there is very little risk of improper email getting posted to your list. In such a case, you might want to disallow all postings over email. Only postings through the web interface or postings made with a script is allowed. Note These postings are subject to normal security settings, such as moderation, match phrases and so on
Only Admins Can Send	When this is set to `Yes`, only list administrators are allowed to contribute messages to the mailing list. Any member who attempts to contribute a message has their contribution automatically rejected. The Admin Send feature is useful for announcement or email marketing type mailing lists, where a select group is allowed to post to the list, but where all other members should not be allowed to post to the list. By default, this setting is set to `Yes` for Email Marketing and Announcement lists created through Utilities > Administration > Lists > New List.
Require Password in Body	This option determines whether lists postings contributed by email require senders to include their personal passwords in the following format: `PASSWORD`:your_password `PASSWORD` must be capitalized, and there may be no spaces. For example, if you are posting to a list that requires the password in the body, and your password is `sw33t`, you include the following in your messages: `PASSWORD:sw33t` Your password is automatically removed before your message is distributed so others won't see it Passwords are only required for members who have passwords. If certain members do not have passwords, this option does not have any affect on their ability to post messages to the list. If you want all members to have passwords, and for their passwords to be required in all list postings, you should also set "Require Password to be true. Require Password in Body (is distinct from Password Required) requires that all members have passwords. For more information, see New subscriber requirements Including a password in an email message is inherently insecure. If you are concerned about password security, do not require a password in the body of the message.

Reject Email Submissions

This setting determines whether all submissions sent via email should be automatically rejected. By default, your list is set to allow submissions by email. If you change Reject Email Submissions to Yes, then any email that is sent to the list is automatically rejected. Only postings made through the Aurea List Manager web interface or via a script is allowed

Email can fairly easily be spoofed; that is, someone can make the email appear to be from someone it is not from. Thus, email is not a very secure mechanism for authenticating users. Someone malicious can configure their email program to be someone else and send messages as if they were that person

In most mailing list situations, users behave ethically, and do not impersonate others, so the risk of abuse is minimal.

However, you may have a need to have as much security as possible so that there is very little risk of improper email getting posted to your list. In such a case, you might want to disallow all postings over email. Only postings through the web interface or postings made with a script is allowed.

Note

These postings are subject to normal security settings, such as moderation, match phrases and so on

Only Admins Can Send

When this is set to Yes, only list administrators are allowed to contribute messages to the mailing list. Any member who attempts to contribute a message has their contribution automatically rejected. The Admin Send feature is useful for announcement or email marketing type mailing lists, where a select group is allowed to post to the list, but where all other members should not be allowed to post to the list.

By default, this setting is set to Yes for Email Marketing and Announcement lists created through Utilities > Administration > Lists > New List.

Require Password in Body

This option determines whether lists postings contributed by email require senders to include their personal passwords in the following format:

PASSWORD:your_password

PASSWORD must be capitalized, and there may be no spaces.

For example, if you are posting to a list that requires the password in the body, and your password is sw33t, you include the following in your messages:

PASSWORD:sw33t

Your password is automatically removed before your message is distributed so others won't see it

Passwords are only required for members who have passwords. If certain members do not have passwords, this option does not have any affect on their ability to post messages to the list.

If you want all members to have passwords, and for their passwords to be required in all list postings, you should also set "Require Password to be true. Require Password in Body (is distinct from Password Required) requires that all members have passwords. For more information, see New subscriber requirements

Including a password in an email message is inherently insecure. If you are concerned about password security, do not require a password in the body of the message.

Free Trial›

Security

Related Topics

Aurea List Manager Help System

Copyright © GFI Software 2021

Security

Related Topics

Aurea List Manager Help System

Copyright © GFI Software 2021

Feedback

Share