-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Mar 4, 2008, at 8:13 PM, Cristóbal Palmer wrote:
On Tue, Mar 04, 2008 at 03:28:22PM -0800, Mark Sapiro wrote:
The Defaults.py setting for DEFAULT_GENERIC_NONMEMBER_ACTION has been Hold from the beginning.
We've recently set this to 3 (Discard) for new lists. Please explain the argument for keeping the default as Hold for the long term. I believe it should be Discard, but can think of at least one argument for keeping the current default. I'd like to hear development team's line.
More and more lists are requiring membership for posting privileges,
so I'm sympathetic to this change (but not for 2.1!). OTOH, I think
there are ways that we can do this but still relax the constraint for
well-known non-members.
For example, in MM3 the data model has been improved so that you have
a single user object that ties in all your subscriptions. No more
multiple passwords or options (unless you want the latter), no more
multiple accounts for each of your email addresses.
What if in the future, your site had 1400 lists, the membership
databases of which were driven from your site's membership rosters.
Now, someone you've never heard of before posts to one of your lists.
You probably discard this (although there /are/ arguments to be made
for some lists holding these messages instead).
But let's say that I join your site and register an email address.
Now I post to one of your lists which I haven't explicitly subscribed
to. But you know me so do you discard the message, hold it, or let it
through? Let's say you hold it, and a list admin approves it, saying
"hey this guy looks legit". Let's say you do this 5 times across 3
different lists. I'm probably not a spammer, right? So maybe now I
can post to all your lists without being held.
Anyway, it's things like this that I think can be used to help reduce
spamming on the list while letting legitimate traffic through, without
Mailman becoming spamassassin. OTOH, in MM3 it'll be much easier to
integrate something like spamassassin than it is in MM2. I'm not
saying that's a /good/ thing since spam still is better off getting
caught in the MTA, but this kind of thing is possible.
- -Barry
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkfPJycACgkQ2YZpQepbvXHQ8ACgiMNs46R8OcItJtjoCAbIQHaO a2AAnif160xr7GhjOWWQ6Qvcxle7f70R =TyH6 -----END PGP SIGNATURE-----