[Mailman-Users] Privacy issues with the mailman options page.

Tim Hunt timhunt at timhunt.freeserve.co.uk
Mon Apr 22 19:55:39 CEST 2002


Given someone's email address, say test at add.ress, I can discover whether
they are subscribed to this list by visiting:

<http://mail.python.org/mailman/options/mailman-users/test%40add.ress>

If they are, I could then mail bomb them in a fairly untraceable way by
clicking on the "Mail My Password To Me" button a lot.

This is not a very big deal, and I am sure that I am not the first to think
of it, but I could not find a discussion of it anywhere (e.g. by doing a
Google search of the list archive.) If this is discussed somewhere, I would
be most grateful for a pointer.

As far as I can see there is no easy way round this. Is there an option I
can set as list manager that I have overlooked?

I suppose that one solution to the "Mail My Password To Me" button problem
would be to send out at most one message per hour in response to click on
that button, or something like that.

Tim.







More information about the Mailman-Users mailing list