What is the "OK" Confirmation?
To increase security, there are a number of actions for which LISTSERV requires confirmation before proceeding. In some cases, LISTSERV will accept a password-based validation. In other cases, email confirmation is required. When the latter happens, LISTSERV sends an email message with a subject line such as:
Subject: Command confirmation request (787EF897)
The string of letters and numbers in parentheses (“787EF897” in the example) is called a “cookie” (sometimes referred to as a “confirmation code”) and is different for each request.
Once an “OK” confirmation request is sent out, you must confirm it within 48 hours in order for the corresponding command to be executed.
There are three methods of confirming a command:
- To confirm using the Web interface, click on the link provided in the email message sent to you.
- To confirm via email, reply to the email message keeping the Subject line and cookie intact. In the body of your reply, type “OK” (without the quotes).
- Alternatively, you can send a new email to email@example.com with a blank subject line and the body of the message containing the text “OK xxxxxxxx” where “xxxxxxxx” is the cookie from the original confirmation request email.
The cookie is the most important part of the “OK” confirmation. LISTSERV randomly generates a new cookie for each action that requires validation. All privileges within LISTSERV are tied to an email address. Only someone with access to your email address can make changes to your LISTSERV account.
Caution: Never “OK” a cookie blindly. Make sure you are confirming a command that you initiated or a message that you want distributed to the list. Several cases of list “hijacking” or spam sent to well-secured lists have been tracked back to a list owner or moderator absent-mindedly clicking an OK link that they should not have clicked.