Speaking of tradeoffs, it's my opinion that hiding archives behind a password protection scheme for fear that the administrator, who probably deals with oodles of email anyways and is probably the *most* experienced person in regards to email filtering etc, is a poor one.
The archives for a list I run happen to get around 100K referers from google a month, and again IMO, blocking those people out just because I'm getting 5 spams a month doesn't seem like the best idea.. Mailing lists by their nature facilitate communitcation between people, and shutting people out of past or current communication to block out a small to moderate amount of crap goes against that.
Instead of just waxing poetic, one solution I've come up with is to block the spambots out from the archives, not the users. Using Apache to Stop Spambots: http://evolt.org/article/mmdev/18/15126/index.html
I've just finished the follow up to that article and it will hopefully get published today. It deals with some of the concerns people brought up regarding User-Agents.. If anyones interested, I'll fwd it on when its live.
As an aside, how many that run 'larger' lists get a lot of spam? Using the same email address for list-admin going on 3 years now, I can probably count on my fingers and toes how many spams I've gotten to that address.
At any rate, I know what you're saying Chuq, just wanted to offer the counter-point ;)
On Mon, 18 Feb 2002, Chuq Von Rospach wrote:
The second issue is to prevent the email addresses of list members from being harvested from the archives.
Short answer; archives go behind a password. You authenticate access. Don't go over-fancy with images and scan/replace stuff. Right now, I have a hardwired password. Once 2.1 hits beta, I plan on working towards a solution that authenticates in apache to a mailman-subscribed address. I simply haven't had time yet.