[Mailman-Developers] before next release: disable backscatter indefault installation

Jo Rhett jrhett at netconsonance.com
Wed Mar 5 02:08:52 CET 2008


On Mar 4, 2008, at 3:28 PM, Mark Sapiro wrote:
>> 1. Don't create backscatter aliases for subscribe/unsubscribe/etc by
>> default.  Nearly everyone uses web based signup.
>
> Do you have data to back up this assertion?

Sure.  I used to work for an ISP with 1400 lists and ~4 million  
subscribers across them.  I disabled all the backscatter aliases 4  
years ago, and haven't heard a single complaint.  I expected at least  
one complaint, but never got one.  (whining from people who I asked  
to change their web page about their mailing list, but not a single  
complaint from an actual user)

> Even if we wanted to do this, it is non-trivial. All confirmation
> messages and their templates and translations would have to be changed
> to remove references to confirmation by email.

Text changes are trivial.  Code changes require work/testing/etc.

>> 2. Discard or hold messages from non-subscribers by default.
>
> The Defaults.py setting for DEFAULT_GENERIC_NONMEMBER_ACTION has been
> Hold from the beginning.
>
> Perhaps you are thinking of the respond_to_post_requests setting.

*shrug* I don't remember the difference offhand.  I don't run that  
mailman instance any more, I just deal with the backscatter abuse  
reports.

> Do you object to any response at all, or just to responses that  
> include
> the original message text?

Any response sent to an innocent victim of forgery.

> If the former, then you must object to DSNs
> from MTAs as well. If the latter, that is planned to be addressed in
> Mailman 2.2.

Of course we object to DSNs from MTAs.  No shipping mailserver  
currently sends DSNs to accepted mail by default.  Most of them  
haven't for like 10 years.  And yes, we absolutely ban qmail from use  
unless the person patches it to the moon to solve its problems.

-- 
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source  
and other randomness


More information about the Mailman-Developers mailing list