Groups in Siteworx - Will this open relay be addressed in 3.0?

The Groups function in SiteWorx is a neat feature. And with InterWorx focus on security I would think that something will be done so that the Groups will not act like a OPEN relay to Spammers.

I personally like the feature and use it but had to shut it down as it casued one of my servers IP to be Blacklisted because of Spam.

Will any type of security be added to Groups to make it work similar to MajorDomo or some other scheme to make the Groups not act as a Open Email Portal for every Spammer in the world?

Thanks’

[quote=R-n-R;9635]The Groups function in SiteWorx is a neat feature. And with InterWorx focus on security I would think that something will be done so that the Groups will not act like a OPEN relay to Spammers.

I personally like the feature and use it but had to shut it down as it casued one of my servers IP to be Blacklisted because of Spam.

Will any type of security be added to Groups to make it work similar to MajorDomo or some other scheme to make the Groups not act as a Open Email Portal for every Spammer in the world?

Thanks’[/quote]

How the Groups feature cause you to get into a spam database? The FROM is never changed, it merely relayed the message to addressew which were added to the Group by you or the website admin.

The point of these groups is to in essence to have an alias that goes to more than one address (you can’t do this with regular aliases in SiteWorx). It’s not meant to be a “mailing list” in any sense.

For example you can create a list management@ which goes to your CEO, CTO, VP of Sales, VP of Development, etc. Closing it (i.e. making it so that only a member of the group can send to it) will eliminate this functionality.

Do you have a specific suggestion on what we could do to to keep this functionality and yet make it more secure?

OH, this is simple. One of the ways I have used groups is a mailing list to broadcast to all our immediate friends. When this mailing list was on the Ensim server and we used Major Domo that is built into Ensim. When we used this on the Ensim forum it was really nice, NEVER had any type Spam come through the system and work like a ccharm for what we where using it.

However since I moved my personal site to the IW server I set up our little email community using Groups. Since the start of this We ALL have been hammered with SPAM. And it has caused my server IP to be placed on Spam blacklists at the ISPs of some of my friends ISPs. Like I say this has never happened before and it appears this isnt really a goo tool for the way we where using it, thus I have stopped and looking into other alternatives to send closed emails.

[quote=IWorx-Tim;9636]The FROM is never changed, it merely relayed the message to addressew which were added to the Group by you or the website admin.

The point of these groups is to in essence to have an alias that goes to more than one address (you can’t do this with regular aliases in SiteWorx). It’s not meant to be a “mailing list” in any sense.

For example you can create a list management@ which goes to your CEO, CTO, VP of Sales, VP of Development, etc. Closing it (i.e. making it so that only a member of the group can send to it) will eliminate this functionality.[/quote]

Yes, I fuly understand that concept of using Groups, as long as its used in that sense one has a better control over it. However, and unfortuately not all my hosting customers are business, a lot of them are just private sites and Groups will not be used this way. Thus the problem.

You know this is a very good question, after seeing the intent, and the actual applications Groups can be used, I would suggest this, not sure if its a good idea or not, but limit the use of Groups to Internal Emails ONLY, no outside emails. Meaning, if a Siteworx account is set up as mydomain.com and maybe a pointer, hisdomain.com, only allow emails to be sent to email boxs set up using the primary domains and pointer domains.

This way you could send a email to to your CEO, CTO, VP of Sales, VP of Development, etc, they would all be internal emails.

As it is now, Groups can be used wrong and not intentially either, can cause a LOT of spam for those on the mailing list.

For this I’d suggest you just install mailman, it’s not as complicated as you might think and would do what you got from majordomo before. For that matter you could install majordomo, you just wouldn’t get any gui for it.

You know this is a very good question, after seeing the intent, and the actual applications Groups can be used, I would suggest this, not sure if its a good idea or not, but limit the use of Groups to Internal Emails ONLY, no outside emails. Meaning, if a Siteworx account is set up as mydomain.com and maybe a pointer, hisdomain.com, only allow emails to be sent to email boxs set up using the primary domains and pointer domains.

This way you could send a email to to your CEO, CTO, VP of Sales, VP of Development, etc, they would all be internal emails.

You’re the only one I’v ever seen have this problem. Are there others for whom this is an issue?

I’d agree with you except that it’s not always guranteed that the address will have the same domain name. Closing this “hole” could end up causing more of a headache than it solved. Some companies have multiple domains and there would also be the CEO who would want the mail sent to theor home account as well.

We’ll keep your feedback in mind for future releases, thanks for sharing :smiley: