At 11:22 PM +0200 2006-08-30, Bretton Vine wrote:
(no criticism intended to developers, but I have to ask:) Was this requested by users; were users involved in this decision; or was it a case of developers deciding for users what they thought was best given the environment of email/lists from the developer perspective?
The developers *are* the original users. They wrote Mailman for themselves and their own needs, and were willing to share that with others. What has happened since is that a variety of other features have been added over time, based on their own requirements and desires as well as input from others.
But all of the core developers are also heavy users of Mailman, both on python.org and on other mailing list servers -- including some of the largest known Mailman-hosted mailing lists servers.
Personally, I believe it to be a reasonable default.
I don't disagree. However the documentation is clear that BCC'ing a list will result in administrative oversight (if setting is'on'). But not very clear as to why a TO:list;CC:3rd-party would result in the same by a post from a list member who is authorised to post.
I'm not convinced that your case is what you think it is. I have not heard enough details about the problem to know for sure.
We've found relatively little spam making it to any lists as it is. By just how much a margin will turning the setting off impact on posts from non-members reaching the list is non-member posting is already disallowed? Is it just theoretical, negligible or will have it have major impact?
The answer is "it depends".
This week, changing this setting may make no visible difference, but next week you might get bombarded with spam being sent to the list which does not include the list address as a named recipient in either the "To:" or "Cc:" headers.
Every site is different. Every list is different. Every month is different. Every week is different. Every day is different.
Pick out which of these different issues apply to your different situation, and then figure out which different answer applies to your case.
In terms of our logs, the "message has implicit destination" occurs maybe once for every 50 or so "post by non-member/unapproved-address to member-only list" so if you look at it from a higher level service provider approach it doesn't seem like it would make much of a difference, and therefore is unnecessary to leave the setting enabled.
At some sites, you're not going to see this kind of spam very often. At other sites, you see boatloads of it on an hourly basis. It all depends.
We prefer to have this option default to "on", because it is safer that way, and people can always choose to set their choice to be more permissive. The reverse would be much worse for sites that have these kinds of problems, especially if those sites tend to be administered by less Mailman-savvy personnel, since a great deal of damage could be done in a very short period of time.
-- Brad Knowles, <brad@stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755Founding Individual Sponsor of LOPSA. See <http://www.lopsa.org/>.