25-Jan-04 at 22:21, Ed Wilts ([EMAIL PROTECTED]) wrote : > On Sun, Jan 25, 2004 at 11:17:34PM -0500, Brian Haines wrote: > > I am very interested in the topic of configuring Mailman to allow > > subscribe/unsubscribe requests without a password. From the archives Simon > > White offered something of a solution and was willing to share it, but his > > email was not in the message (as it should be).
Have you seen how much spam I get already, without leaving my email open to even more harvesters? It's inconvenient but I don't have time to create some clever anti spam scheme at the moment (server too low spec for any kind of heuristics). > > I would be interested in Simon's or any other's solutions or thoughts on a > > solution. I put up a web page here: http://mediadev.homelinux.net/mailman.html > You should be aware that there are morons out there that will try to > spam your lists with messages and probably fake subscribe/unsubscribe > messages. If you allow for an Internet-wide subscribe without > confirmation, you could easily be classified a spammer and end up on > blackhole lists. You better know what you're doing before you dig into > this. It isn't that hard for a user to subscribe or unsubscribe > themselves. Admins, of course, can do it for them with the utilities I > listed above or via the web pages. You make an important point, Ed. However, there are a number of mitigating circumstances for most admins. They do not want to have to handle subs/unsubs manually. If a spammer starts to abuse a list managed by a conscientious admin, then the potential problems that arise are usually minimised. I haven't made it too easy to allow unconfirmed subs/unsubs in my scripts because of this. You have to have root access to the console in order to install the scripts, and I haven't released a patch to the Mailman source. (As an aside, I did send a patch for the remove_members script on a separate issue, never got any feedback about that). Are spammers are going to make a bad name for Mailman if they download and screw around with my scripts? Perhaps. But they could equally do damage (and in a less complex manner) with the standard tools available with Mailman. So I don't consider that I'm lowering the bar here. In my opinion, for most lists that I have ever managed or sub-managed for a manager that isn't a techie, subscribing and unsubscribing is hard. Indeed, unsubscribing requires a password, something that a lot of newbies or even longtime casual web users are visibly not able to fathom. The law in some countries implies that email unsubscription should be simpler than that. I put the emphasis on unsubscribing anyway. Automating subscription without a confirmation email (which is just a simple reply mechanism) is probably NOT a good idea. Automating subscription before making all posts require approval is NOT a good idea. I automate subscription without confirmation on my install on the provisos that all it is a once monthly announce list only. Also, the confirmation email is in English (or was at the time), whereas the list subscribers are all French, so every new subscription caused emails to the admin saying there was a bug in the subscription and they had this "strange English error message". Regards, -- Simon White. Internet Consultant, Linux/Windows Server Administration. email, dns and web servers; php javascript perl asp; MySQL MSSQL Access Bridging the gap between management, HR and the tech team. ------------------------------------------------------ Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: [EMAIL PROTECTED] Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org