[Mailman-Developers] Re: Password on the wire again!

David Champion dgc@uchicago.edu
Mon, 5 Aug 2002 11:51:56 -0500

* On 2002.08.04, in <20020804220319.GP19654@merlins.org>,
*	"Marc MERLIN" <marc_news@merlins.org> wrote:
> Ahahaha, I'm happy I'm not the one who gets the insults for sending
> cleartext passwords every month :-)

Not the only one. I'm tired of those, too, but unfortunately I agree
that passwords shouldn't be automatically mailed out, even if the
signup page does say that passwords should not be secure passwords.

We modified mailpasswds to send out URLs, posting addresses, and admin
addresses with no passwords, and a nice banner clearly stating that
passwords and unsubs should be obtained at the URL. People still can't
read and process that much at a sitting, though, so it also states that
no one will read replies, and the patched mailpasswds makes good on
that by sending from an alias address plugged into an autoresponder
that re-emphasizes the URL and mentions again our site contact address,
for anyone with real problems who cares to read that far. It stuffs the
autoresponder's to: address into an NDBM to prevent mail loops, and
erases the NDBM each month right before mailings go out.

It's cut us down from about 1200-1500 junk messages each first of
the month to about 15 messages, most of which we actually have a
service-oriented response to. This is a big improvement from saying
"reread the message we already sent you" hundreds of times.

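The reply-once autoresponder described in the message above, as an added sketch that is not part of the original post or of Mailman: Python's `dbm` module stands in for the NDBM file, and the URL, addresses and function names are assumed placeholders. The header checks for automated mail go beyond what the post describes.

```python
import dbm
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed placeholders; the post does not give the site's real values.
INFO_URL = "https://lists.example.org/mailman/listinfo"
CONTACT = "list-help@example.org"
ALIAS = "no-reply@lists.example.org"

def reply_target(msg, db):
    """Return the sender to answer, or None if answering risks a loop."""
    # Skip automated mail (RFC 3834) and bulk/list traffic.
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return None
    if msg.get("Precedence", "").strip().lower() in ("bulk", "junk", "list"):
        return None
    addr = parseaddr(msg.get("From", ""))[1].lower()
    # Skip bounces, our own alias, and anyone already answered this cycle.
    if not addr or addr.startswith("mailer-daemon@") or addr == ALIAS:
        return None
    if addr.encode() in db:
        return None
    return addr

def autorespond(msg, db_path):
    """Build one reply per sender per cycle; return None when suppressed."""
    with dbm.open(db_path, "c") as db:
        addr = reply_target(msg, db)
        if addr is None:
            return None
        db[addr.encode()] = b"1"  # remember the address we replied to
    reply = EmailMessage()
    reply["From"], reply["To"] = ALIAS, addr
    reply["Subject"] = "This address is not read"
    reply["Auto-Submitted"] = "auto-replied"  # lets other responders skip us
    reply.set_content(f"Replies are not read. Passwords and unsubscription: "
                      f"{INFO_URL}\nReal problems: {CONTACT}\n")
    return reply

def reset_cycle(db_path):
    """Empty the database, as done right before each monthly mailing."""
    dbm.open(db_path, "n").close()

if __name__ == "__main__":
    import os, tempfile
    path = os.path.join(tempfile.mkdtemp(), "replied")
    m = EmailMessage()  # constructed sample message
    m["From"] = "Subscriber <User@Example.com>"
    print(autorespond(m, path) is not None, autorespond(m, path) is None)
```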

