On Thu, 30 Apr 1998, Jeff Wasilko wrote:
> Confirmation and hiding the lists are defaults when I create the
> list.
>
> Site owners play an important role in preventing list abuse...
I agree. Site mangers do play a key role in preventing list abuse.
On my listproc, I do not allow open subscription setups. I hide the
subscriber list by default. I do allow the listowner to choose an
open subscriber list... They have to convince me why their subscriber
list should be exposed. On very small, very private lists, the risk
is minimal. At least with listproc, the subscriber list is only
available to other subscribers when the subscription confirmation is
turned on.
I have seen many attempts to gather all subscriber addresses on all
advertised lists at my site. As mentioned before, mailing list
subscriber addresses are a premium find for spammers. Nearly every
address on an active mailing list is a valid recipient. The anti-spam
folks are making it more difficult to gather valid addresses from the
Web and Usenet. Expect more address-harvesting attacks on mailing
lists in the future.
Speaking of general security issues, if your list is well known and
unmoderated, see if non-subscribers can post. A Spamford need not
gather your subscriber addresses if all they have to do is make a post
to your list to distribute their spam. Unless you have a special
reason to differ, unmoderated mailing lists should only accept posts
from list subscribers.
- murr -
