[Mailman-Users] display members moderator flag
Stephen J. Turnbull
turnbull.stephen.fw at u.tsukuba.ac.jp
Thu Aug 4 23:06:17 EDT 2016
Beu, Ed (DOA) writes:
> We've discovered that if the Unsubscribe_Policy is set to Yes (1),
> the moderator can unsubscribe members without the members input!
> The member simply gets a notice that they've been unsubscribed.
But that means that *anybody* can unsubscribe a member, since only
moderation is enabled by the moderation password, not other list
management features such as subscription management. So there is
apparently no authorization or authentication required to unsubscribe
someone.
That may be OK in your environment if nobody knows about it (it's too
much to expect that in a large organization there's neither malice nor
mischief about!), but you may need to change policy if you get a spate
of unexpected unsubscriptions. You also should avoid "one click"
unsubscription footers.
--
Associate Professor Department of Policy and Planning Science
http://turnbull/sk.tsukuba.ac.jp/ Faculty of Systems and Information
Email: turnbull at sk.tsukuba.ac.jp University of Tsukuba
Tel: 029-853-5175 Tennodai 1-1-1, Tsukuba 305-8573 JAPAN
More information about the Mailman-Users
mailing list