[Mailman-Users] Challenge/Response

vancleef at lostwells.net vancleef at lostwells.net
Sat Feb 10 18:42:13 CET 2007

> The problem remains, however: How do I prevent spoofing? In this case they
> have a real fear due to a board member who is soon to be ejected from the
> board and have organizational membership taken away. They feel he is capable
> (both emotionally and technically) of major disturbances on one or more of
> about a dozen mailing lists the organization maintains.
> What makes this even more of a Œchallenge¹ is that the account is on a
> shared server.
I think that you're trying to deal with a sociological problem here.
I'll presume that the organization is prepared to make a statement
about this personnel action.  In general, that's a Public Relations
issue, not a technological one.

I'll also presume that the individual who is involved does not have
administrative access (root, etc.) to the Mailman host site.  The site
administrator(s) need to be informed of the action that is about to
take place, and told to secure the site appropriately, etc.  

So far as handling any fall-out from this action on one or more mail
lists, I'll suggest that you have list moderators (list administrator
level, but the job is "moderation") prepared to weather developments.
It would be very wise to have somebody in a list administration role
who is prepared to handle Public Relations handling of the fallout
from this action.  

Technically, start with embargoing the individual's known accounts
(unsubscribe, or at least put on moderation, and use the Mailman 
filters to catch probable variations, prevent posting from
non-registered addresses, and require moderator review of new
subscriptions).  Then, wait for developments.  

Experience with this sort of thing suggests that the problem
individual will try to post, and will ultimately succeed, but will
have built up such a head of steam that the post will lose whatever
support the individual might have had.  

Mailman has some very good resources a savvy moderator can use
effectively for damage control.  The ultimate weapon, of course, is
putting the entire list on emergency moderation.  

I won't go into detail here, but the major list I set up a Mailman
host site for survived a split between the two co-founders, in which
one was "fired," about three years ago.  The individual who was
removed did have several "bogey" addresses, and once he discovered
that his main addresses were moderated, blew a fuse and posted a
couple of real flames, some months afterward.  Net effect: six
resignations (out of 2500 members),  and some offlist discussion about
"if this is the way the guy really is, who needs him?"  


More information about the Mailman-Users mailing list