[Mailman-Developers] Preventing spam to list admins.

J C Lawrence claw@kanga.nu
Mon, 27 Aug 2001 11:23:35 -0700 

On Mon, 27 Aug 2001 09:27:30 -0700 
Chuq Von Rospach <chuqui@plaidworks.com> wrote:

> But -- it's a legitimate problem. You can't exactly hide those
> pages behind a security realm. As Mailman is structured, you can't
> really remove them, and there's no way to protect them.

I would argue conversely that listname-owner@domain needs to be
publicly known and accessable in the same way that postmaster@domain
is.  The fact that postmaster is now often used as an alias for
/dev/null is unfortunate, but seems to be part of the territory.

> This has to be fixed in 2.1, if not before. I think the answer is
> to hide the e-mail addresses in some way, probably by having a
> mail-to-the-admin CGI, where only the admin's NAME is accessible
> publically, and Mailman handles forwarding mail to them.

> In retrospect, this problem is painfully obvious to me, but
> personally, I'm simply numb to having my e-mail address
> harvestable. But I think, in general, it's a bad idea to put any
> e-mail address on a page, and I think you can't programmatically
> obfuscate stuff, either (it'll be interesting to see whether
> slashdot's new random-obfuscate system actually works, or whether
> the harvesters will simply be able to figure out how it's
> obfuscated and eat the addresses anyway... I'm not hopeful)

I'd go two fold:

  Leave it exactly as-is as the default.

  Allow the HTML footers that are currently placed on the bottom of
  the list pages to be editable such that on a per-site/list basis,
  if needed/wanted you could remove them, point them to something
  else, etc.

Sure, adding a web form blinder to Mailman might be nice as an
optional feature, but in a great many circumstances that address
needed to be exposed (and should be).  We shouldn't mandate the CGI.
The cheap approach is allow for edits and substitutions and then
later perhaps add some of those substitutions in as optional
features.

-- 
J C Lawrence                                    )\._.,--....,'``.	    
---------(*)                                   /,   _.. \   _\  ;`._ ,.
claw@kanga.nu                                 `._.-(,_..'--(,_..'`-.;.'
http://www.kanga.nu/~claw/                     Oh Freddled Gruntbuggly