| author | klm | 1998-07-12 03:22:42 +0000 |
|---|---|---|
| committer | klm | 1998-07-12 03:22:42 +0000 |
| commit | 496988dcbff4c39a61009d2f1a7bccf921e1c232 | |
| tree | cf35b843f25bf60087cb5c45dbbd9991a3c23159 /Mailman/pythonlib | |
| parent | 262e7302dc79352e1dc3c2ebfb4fe80803a5b835 | |

Informatively reject mail-command attempts to subscribe
already-subscribed members. (The prior checkin was for web-based
subscription attempts.)

NOTE that both these already-subscribed actions can constitute privacy
leaks - someone could venture subscription attempts with addresses
which they are trying to test for already-existing membership - and
this response will provide unequivocal confirmation in the cases when
the addresses are subscribed.

One possible remedy is to send the refusal to the address being
subscribed. This way the person taking the action gets no additional
info unless they have access to the subscribee's email channel.

Problem with this is that it complicates the mail-command refusal
process substantially, since it's currently geared, very simply, to
send the refusal to the requesting address. Do we think the privacy
leak is important enough to fill this hole?

Diffstat (limited to 'Mailman/pythonlib')
0 files changed, 0 insertions, 0 deletions
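
The remedy raised in the commit message, sketched as an added example (not Mailman's code and not part of this commit): the status-bearing notice goes to the address being subscribed, while the requester gets the same acknowledgement either way. `Outbox`, `handle_subscribe`, `ACK` and the sample addresses are hypothetical names constructed for illustration.

```python
from dataclasses import dataclass, field

# Acknowledgement for the requester: identical whether or not the
# target address is already a member, so it confirms nothing.
ACK = ("Your subscription request was received. Any further notice "
       "is sent to the address being subscribed.")


@dataclass
class Outbox:
    """Stand-in for the mail transport: records (recipient, body)."""
    sent: list = field(default_factory=list)

    def send(self, rcpt, body):
        self.sent.append((rcpt, body))


def handle_subscribe(members, outbox, requester, target):
    """Process 'subscribe <target>' mailed in by <requester>.

    Membership status is disclosed only to <target>'s own mailbox, so
    the requester learns it only if they can read that mailbox.
    """
    requester_key = requester.strip().lower()
    target_key = target.strip().lower()
    if target_key in members:
        detail = ("A subscription request was made for this address, "
                  "but it is already subscribed.")
    else:
        detail = "Reply to this message to confirm your subscription."
    # The refusal (or confirmation request) goes to the subscribee.
    outbox.send(target_key, detail)
    # A third-party requester always sees exactly one message, the ACK.
    if requester_key != target_key:
        outbox.send(requester_key, ACK)
    return ACK


if __name__ == "__main__":
    roster = {"alice@example.org"}  # constructed sample membership
    for addr in ("alice@example.org", "bob@example.org"):
        box = Outbox()
        handle_subscribe(roster, box, "probe@example.net", addr)
        print(addr, [b for r, b in box.sent if r == "probe@example.net"])
```

Because both branches send the same number of messages to the requester, neither the content nor the presence of a reply distinguishes a subscribed address from an unsubscribed one.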
