On Fri, Jan 22, 1999 at 10:05:56PM +0000, Michael C. Berch wrote:
> The open lists hosted at GreatCircle.COM (including List-Managers and the
> Majordomo-{Users,Workers} lists) have always been considered public
> and neither the contents nor the identities of the posters are
> considered confidential. The Majordomo "who" and "which" commands
> for these lists remain open, which I believe is still the default
> in the config file in the Majordomo distribution.
It may be the default in the 1.94.4 distribution but that doesn't mean it's
the correct setting *now*, sixteen months after that distribution was
released. Spammer harvesting of mailing lists is a bigger problem now than
ever; I would like to strongly suggest that the lists on greatcircle.com be
properly secured against this particular form of abuse. I get enough junk
mail as it is.
> (We do use subscribe-confirm and restrict postings to list members to
> prevent abuse and spam, of course.)
Well then, why don't you close off "who" access as well? It's as big a
potential source of problems as nonmember posting -- more so, in fact, because
you can always turn off nonmember posting if a list becomes a target that way,
but once the spammers get the addresses of all the subscribers to a list,
there's no way to close the gate anymore.
> Attempting to hide the e-mail addresses of contributors to the
> lists would be a very difficult burden, since not only would some
> useful features of Majordomo be disabled, we would also have to
> disable features of sendmail, and most importantly, it would require
> that the entire archives (including both those hosted here and those
> maintained and indexed by third parties) be redacted to remove author
> e-mail addresses. I don't think it's worth it.
Because could always break into your house through a window, you don't want
to lock the front door?
--
Lazlo Nibble - [EMAIL PROTECTED] - http://www.studio-nibble.com
this message powered by sparks - plagiarism
--
