[Mailman-Users] [Mailman-cabal] GDPR

Grant Taylor gtaylor at tnetconsulting.net
Mon May 14 18:25:37 EDT 2018

On 05/14/2018 04:02 PM, Ángel wrote:
> IMHO they would mostly fail under §18 and GDPR wouldn't apply:


What happens if a subsequent data breach (malware / infection) causes 
said individual archives to become public information?  }:-)

> Of course, if a company was using the mailing list to process personal 
> data, it should have been stated the whole time.

I half way suspect this happens much more commonly than you might think.

I've seen info@ or sales@ or the likes positional addresses be front 
ends for mailing lists (of one form or another) that redistributes the 
email to multiple (usually) internal (usually) employees.  I have never 
seen these types of expansion contacts disclosed as such.

> Being nitpicky. What about sysadmins subscribed to this list as part 
> of their professional activity ?

I know that this happens.  But I would argue that the SA should not 
subscribe themselves.  Instead there should be an additional monitoring 
email address specifically for that purpose.

I'd really like to see an intelligent Mailing List Manager have the 
ability to subscribe an address like this that is used as a feedback 
loop.  I.e. Did the MLM receive a copy of the message that it sent 
yesterday.  I'd assume that it would be something like 
<$list>-fbl@<$list_domain> to avoid recursive loops.

That would allow the MLM to self monitor and escalate if there's a problem.

Grant. . . .
unix || die

More information about the Mailman-Users mailing list