Richard Wackerbarth writes:

> The current design of the Postorius and Hyperkitty web interfaces
> to the mailing list and its archives uses the fully qualified list
> submission email address as a component of the URLs presented to
> the public.
>
> I fear that doing this will create an even greater invitation to
> those who harvest email addresses for the purpose of spamming and
> other nefarious reasons.

I think this is overblown. These email addresses are almost certainly
easily available to spammers in other ways if they're going to be
visible to the public in the web interfaces. (Consider List-Post, for
example.) If we're going to be paranoid about this, we should also
refuse to subscribe users with Microsoft browsers and MUAs on the
grounds that they're far more likely to have their address books
stolen. :-)

OTOH, a lot of people do worry about this. We should definitely
consider getting those addresses out of the URLs to make it easier for
the security-with-obscurity crowd to lock down their sites for any
reason they choose.

> I think that we should rethink this decision and follow a "slug"
> approach to the identification of the mailing lists in URLs. Those
> who choose to do so can use the fqdn as their slug. But others
> would be able to readily change the mapping without having to
> rewrite significant parts of the interface code.

+1

It might be worth reviewing all the uses of URLs to see which ones can
be dispensed with (i.e., have such "slugs" substituted), and which ones
are essential to the functioning of Mailman (e.g., List-Post, which may
be suppressed at list-owner option, but if not, must contain the
posting address).

_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
http://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
Security Policy: http://wiki.list.org/x/QIA9