On 05/16/2017 08:17 PM, Daniel Kahn Gillmor wrote: > > surely it's easy for an attacker to guess moderation-free sender > addresses by a quick scan of the list archives as well.
Only if there are public archives. I realized I am more or less immune from this attack for my several production lists. The lists are all @example.org (obviously not the real domain) and the list owner is listmana...@example.org which is a forwarder to the real list admins and is not a member or authorized poster of any of the lists. It was set up this way because we have a number of such forwarders for various functions and having a generic address for a function is a convenience that avoids people mailing the wrong people when responsibilities change, but a side benefit is the address exposed on web pages can't post without moderation, plus one could add it to discard_these_nonmembers and never see posts From: that address. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9