[Mailman-Developers] Password recovery

Roberto Perez rgpg at technologist.com
Thu Dec 25 16:32:30 EST 2003


Hi,

I hope I can get some insights into this problem.

I've been using Mailman in our university to administer a number of lists, 
and the web interface has worked well so far for us. However, in recent 
weeks we have learned a spammer has subscribed many of our email accounts 
to his own Mailman system (on a server outside the US), and has disabled 
the web interface. This means no one can get a reminder of their passwords 
to unsubscribe via email (since when an administrator subscribes users no 
password is sent).

As it is now, Mailman is being used to keep those accounts "captive" and 
bombard them with unsolicited email. So the purpose of my email is twofold:

** Development:
- I strongly believe now email commands should also include a password 
reminder/recovery feature, so that in cases like ours users can still get 
their passwords and unsubscribe via email. Currently a password can only be 
recovered via the web interface (which a spammer can disable).

- I also think when the administrator enrolls users, the passwords should 
be sent as a default, with no possibility of disabling this feature. This 
would cut down on misuse of Mailman such as the one described above.


** Management:
- This is a generic question to all managers: if
  - a Mailman list does not offer a web interface to recover a password to 
    unsubscribe,
  - the manager does not reply to unsubscription messages,
  - the bounce utility has been disabled (so sending fake "Returned mail" 
    messages does not trigger unsubscription),
  - the monthly password reminder has been disabled,
  - the Mailman server is outside the US (so reporting to the FCC is useless),
  - and the list is being used to bombard subscribers who did not subscribe 
    themselves...
  ...how else could unsubscription be achieved in Mailman? I know that users 
  could put filters, but I'd like for the messages to stop instead of having 
  to put patches here and there on each user's machine...


Thanks in advance for any pointers/ideas/suggestions you may have.


Roberto Perez
rgpg at technologist.com



