I've had a request to join our list under a false name. If I enter their real name in the Member Name field so I can tell who they are, who else can ever see that? The member controls the display name used in list messages, don't they?
Peter Shute
Sent from my iPad
On 06/13/2015 02:04 PM, Peter Shute wrote:
I've had a request to join our list under a false name. If I enter their real name in the Member Name field so I can tell who they are, who else can ever see that? The member controls the display name used in list messages, don't they?
The member's real_name attribute can be exposed in various ways.
- The results of the email who command
- The web roster beginning in 2.1.19 if the site allows it
- The display name in a Munge From or Wrap Message From: if the original post has no display name.
If the list's Privacy options... -> Subscription rules -> private_roster is set to List Admin Only, then only someone authenticated as admin can see 1) or 2).
If the list's from_is_list setting is No (this setting is deprecated and should normally be No, use Privacy options... -> Sender filters -> dmarc_moderation_action instead) and the user's address in not in a domain with a domain with a DMARC reject or quarantine policy, then 3) is probably OK, but it's only certain if neither from_is_list nor dmarc_moderation_action is Munge From or Wrap Message.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Thanks, I think we're safe from all those methods, but I also think it would be safer to leave the name blank, just in case something changes.
Peter Shute
Sent from my iPad
On 14 Jun 2015, at 9:49 am, Mark Sapiro <mark@msapiro.net> wrote:
On 06/13/2015 02:04 PM, Peter Shute wrote: I've had a request to join our list under a false name. If I enter their real name in the Member Name field so I can tell who they are, who else can ever see that? The member controls the display name used in list messages, don't they?
The member's real_name attribute can be exposed in various ways.
- The results of the email who command
- The web roster beginning in 2.1.19 if the site allows it
- The display name in a Munge From or Wrap Message From: if the original post has no display name.
If the list's Privacy options... -> Subscription rules -> private_roster is set to List Admin Only, then only someone authenticated as admin can see 1) or 2).
If the list's from_is_list setting is No (this setting is deprecated and should normally be No, use Privacy options... -> Sender filters -> dmarc_moderation_action instead) and the user's address in not in a domain with a domain with a DMARC reject or quarantine policy, then 3) is probably OK, but it's only certain if neither from_is_list nor dmarc_moderation_action is Munge From or Wrap Message.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/pshute%40nuw.org.au
Peter Shute writes:
Thanks, I think we're safe from all those methods, but I also think it would be safer to leave the name blank, just in case something changes.
You are right about safer, but note that at least one Mailman developer (me) would consider inadvertantly exposing more personal information in a future version than we do now to be a regression, and a fairly high priority one at that. Unfortunately, privacy is not something we can take lightly these days.
Stephen J. wrote:
Thanks, I think we're safe from all those methods, but I also think it would be safer to leave the name blank, just in case something changes.
You are right about safer, but note that at least one Mailman developer (me) would consider inadvertantly exposing more personal information in a future version than we do now to be a regression, and a fairly high priority one at that. Unfortunately, privacy is not something we can take lightly these days.
The sort of changes I was referring to were us changing the settings for our installation of mailman. I think that's way more likely than future version changes.
participants (3)
-
Mark Sapiro -
Peter Shute -
Stephen J. Turnbull