Security for Posting Messages

The From: field in email messages is insecure. Many email clients allow you to tailor the From: field to say absolutely anything you want. Thus, it is easy for anyone to send mail to someone else and have a forged From: line.

There are many ways Aurea List Manager may validate that an email message it receives should be posted through the list:

Verification of Email Address

When mail comes into a mailing list for distribution, Aurea List Manager looks at the From: header, extracts the email address and looks up the email address in the list of members for that list. If the email addresses match, the message is assumed to be from that member. If they do not match, Aurea List Manager rejects the message.

Verification by Name

Aurea List Manager can also verify the identity of a poster by matching the name with the member's full name, if the option Allow Name Match in Utilities: Administration: Server: Server Settings: Security: Spam Blocking is enabled.

If enabled, Aurea List Manager looks up the full name from the From: field to see whether it belongs to a member of the mailing list. If the full name matches, the posting is assumed to be by that member. Aurea List Manager uses this technique to work around a common problem with list managers: if only members are allowed to post and the list manager knows people only by their email address, people with multiple email addresses are continually refused the right to post, because their alternate email addresses are not listed as members. Because ListManager matches on the email address and, if that fails, on the full name, it correctly identifies the member in a wide variety of situations, and the posting is not refused as being "not from a member of this list".

However, this feature can also let spam or viruses post to the list if the name in the From: field matches the name of any member. Therefore, it is disabled by default.

Restrict Posting to Administrators

By default, email marketing and announcement style lists only allow administrators to post messages through a list. However, due to the risk of forgery, even these lists should require moderation. See Utilities: List Settings: Email Submitted Content: Security for more information.

Moderation

A list may be set to require moderation of all messages. When a list is moderated, an administrator must approve the message before it is sent to the list. ListManager supports various levels of moderation; see Utilities: List Settings: Email Submitted Content: Security for more information.

Restrict Email Posting

A more radical step is to disallow email submissions entirely and only use the web interface to create messages. An even more secure option is to put the web interface behind a firewall, so that outsiders cannot get to it, or to put it in an undocumented server location, so that other people do not know it is there. See Utilities: List Settings: Email Submitted Content: Security for more information.

Allow Non-Member Posting

By default, non-members cannot post to a mailing list. This restriction can be disabled to allow non-members to post. If new member moderating is on, postings from non-members are treated as new member postings and are moderated. Non-member posting may be enabled in Utilities: List Settings: Discussion Group Features: Security.

NOTE

On the Utilities > List Settings > Discussion Group Features > Security page, if Reject posts from non-members is set to Yes, and a non-member attempts to post a message, the post is not accepted and ListManager does not send a return message stating that the post failed. This is done in order to prevent responses to potential spam.

Match Phrase Protection

Recipients may need to include a specified word in their postings in order for them to be accepted. If the word is missing, the message is rejected. See Utilities: Automated Messages: Match Phrases for more information.

Password Protected Posting

All postings to the mailing list must have the sender's password in the first line, in the format PASSWORD:user_password. See Utilities: List Settings: Email Submitted Content: Security for more information.
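The following sketch models the checks described under Verification of Email Address and Verification by Name, together with the PASSWORD: first-line check above. It is an added illustration, not Aurea List Manager code; the member table, function names, and sample messages are constructed for the example.

```python
import hmac
from email import message_from_string
from email.utils import parseaddr

# Constructed member table: address -> (full name, posting password).
MEMBERS = {
    "alice@example.com": ("Alice Smith", "s3cret-a"),
    "bob@example.com": ("Bob Jones", "s3cret-b"),
}

def find_member(from_header, allow_name_match=False):
    """Map a From: header to a member address, or None if nothing matches."""
    name, addr = parseaddr(from_header)
    if addr.lower() in MEMBERS:
        return addr.lower()
    if allow_name_match and name:  # fallback: compare the display name only
        for member_addr, (full_name, _) in MEMBERS.items():
            if full_name.lower() == name.strip().lower():
                return member_addr
    return None

def check_post(raw, allow_name_match=False, require_password=False):
    """Return (accepted, reason) for one raw message."""
    msg = message_from_string(raw)
    member = find_member(msg.get("From", ""), allow_name_match)
    if member is None:
        return False, "not from a member of this list"
    if require_password:
        lines = msg.get_payload().splitlines()
        first = lines[0] if lines else ""
        supplied = first[len("PASSWORD:"):].strip() if first.startswith("PASSWORD:") else ""
        expected = MEMBERS[member][1]
        if not hmac.compare_digest(supplied.encode(), expected.encode()):
            return False, "missing or wrong password"
    return True, "accepted as " + member

def sample(from_header, body):
    """Build a constructed test message."""
    return "From: %s\nTo: list@example.com\nSubject: test\n\n%s\n" % (from_header, body)

GENUINE = sample("Alice Smith <alice@example.com>", "PASSWORD:s3cret-a\nHello")
# Same From: header as GENUINE, but the body carries no password line.
NO_PASSWORD = sample("Alice Smith <alice@example.com>", "Hello")
# Member's name, but an address that is not on the member list.
ALT_ADDR = sample("Alice Smith <alice@home.example.net>", "Hello")

if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("no password", NO_PASSWORD), ("alt address", ALT_ADDR)):
        for name_match in (False, True):
            for pw in (False, True):
                print(label, name_match, pw, check_post(raw, name_match, pw))
```

With only the header checks, NO_PASSWORD is accepted exactly like GENUINE, and with name matching on, ALT_ADDR is accepted on the display name alone. Only the password requirement distinguishes the three messages.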

Bans

Members: Bans prohibit posting from rejected addresses. Because the From: field may be forged to be from an accepted address, bans do not provide sufficient protection.

Anonymous Postings

Some kinds of mailing lists benefit from allowing people to be anonymous when they post. For example, an employee suggestion discussion might need to be anonymous, as might a psychological support group.

Aurea List Manager supports Anonymous mailing lists, by removing all identifying marks from the headers of the messages distributed to the mailing list. The From: defaults to "Anonymous" and can be set to something else if desired.

If a list is moderated, the moderator sees the real author of the message before approving it, and the message is anonymized when distributed.

This feature does not read the message body, so if the body contains something that identifies the person, Aurea List Manager cannot do anything about it. Remember not to include your personal mail footers when posting to an anonymous mailing list.

To make your list anonymous, go to Utilities: List Settings: Discussion Group Features: Message Look.

Maximum Messages Per Day

This setting limits the total number of postings to a mailing list in one day. Some mailing lists may want to set an upper limit on the activity of a mailing list and can use this feature to do it. This limit applies to all postings by all members of the mailing list. See Utilities: List Settings: Discussion Group Features: Message Rejection Rules: Etiquette.

Maximum Posts Per Member

On a discussion mailing list, some people occasionally write the majority of the email messages, thereby stifling the conversation and keeping other people from feeling comfortable posting their messages. Also, some people may write several small messages, when it would be better if they had combined their thoughts into one message.

For these reasons, you may want to impose a maximum posts per member, per day limit. If a member goes over this limit, they must wait until the next day to post another message. See Utilities: List Settings: Discussion Group Features: Message Rejection Rules: Etiquette.

Reject Email Attachments

Many email programs include attachments automatically when they send messages out. Sometimes, these attachments are a graphic logo of the mail program, sometimes they are a digital signature and sometimes they are files for other purposes. Some people prefer their mailing lists to only contain "pure" email, with no attachments, and want to reject messages that contain attachments. A Match Phrase can be set up to scan for attachments and reject messages that contain them.