[Mailman-Developers] UI for Mailman 3.0 update

Barry Warsaw barry at list.org
Wed Jun 16 21:26:40 CEST 2010

On Jun 16, 2010, at 12:33 AM, Cristóbal Palmer wrote:

>Are you saying that no scripts/bots can automatically sign up for
>mailman lists? I get plenty of signups like "qneu456na at nanke62w.net"
>that suggest otherwise. I should take the time to log those and send
>them to you, perhaps? After my masters paper...

Only if I can send you all the bounces and unsubs I get every month on Mailman
day. :)

>Okay... now that I've put all this energy into this explanation, I'll
>admit: spam to list owners, especially of the "Dear $LISTNAME owner,
>we at $SITENAME security need you to reset your password. Please find
>instructions in the attached .zip file..." were a much bigger problem
>a couple of years ago (surprisingly even after implementing SA) until
>I decided to block .zip and several other mime types at the MTA
>level. So if y'all have no interest in doing any reCAPTCHA
>integration, I'll just spend that much more time making anti-spam
>tweaks at the MTA level, and I'll field one or two more "I'm a
>moderator and I'm dealing with a lot of spam here" tickets every now
>and then.

Two points: antispam defenses are always going to be better done in the MTA
upstream of Mailman.  We may provide some hooks to allow integration with
SA/spambayes/clam/etc. but just seeing the cpu these take up on my measly
server I do not think I want such a check running on everything teh intarwebs
can throw at your lists domain.

Second, I intend to pass -owner email through a pipeline the way posted
messages go through, so you will at least have the opportunity to do some
content and other checks on the message before they're forwarded to the

>That's another point, come to think of it: I've had plenty of time and
>experience running a couple of decently-sized mailman installs, but
>what about the many, many people who have less experience running
>mailman? The easier we make it for them to make it hard on spammers,
>the better.

Yes, we should be opinionated and make reasonable defaults so that it's easy
to install and run a working system, with good tradeoffs between usability,
functionality and security.  These are not always easy tradeoffs to make.

>A final note: are there any published user studies on mailman? I see
>your ATEC '03 and LISA '98 presentations in the ACM portal, and I see
>http://www.gnu.org/software/mailman/otherstuff.html ... but nothing
>else turns up in google scholar. Please point me to other research on
>mailman and its user base if it exists. If it doesn't, maybe I need to
>make that happen....

Terri was talking at one point of contracting such research, and I think some
is being done as part of the GSoC work.  None exists that I know of.  If
you're offering, I'm sure we would love to have some additional solid
usability studies, especially focused on helping to guide Mailman 3 design.

>Thanks so much for all the work all of you do. It really is a pleasure
>and a privilege to be involved.

Thanks to you and everyone who contributes to Mailman development.  It truly
is a great community.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/mailman-developers/attachments/20100616/540b5156/attachment.pgp>

More information about the Mailman-Developers mailing list