[Mailman-Developers] before next release: disable backscatter indefault installation

Thu Mar 6 00:05:08 CET 2008

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mar 4, 2008, at 8:13 PM, Cristóbal Palmer wrote:

> On Tue, Mar 04, 2008 at 03:28:22PM -0800, Mark Sapiro wrote:
>>
>> The Defaults.py setting for DEFAULT_GENERIC_NONMEMBER_ACTION has been
>> Hold from the beginning.
>
> We've recently set this to 3 (Discard) for new lists. Please explain
> the argument for keeping the default as Hold for the long term. I
> believe it should be Discard, but can think of at least one argument
> for keeping the current default. I'd like to hear development team's
> line.

More and more lists are requiring membership for posting privileges,  
so I'm sympathetic to this change (but not for 2.1!).  OTOH, I think  
there are ways that we can do this but still relax the constraint for  
well-known non-members.

For example, in MM3 the data model has been improved so that you have  
a single user object that ties in all your subscriptions.  No more  
multiple passwords or options (unless you want the latter), no more  
multiple accounts for each of your email addresses.

What if in the future, your site had 1400 lists, the membership  
databases of which were driven from your site's membership rosters.   
Now, someone you've never heard of before posts to one of your lists.   
You probably discard this (although there /are/ arguments to be made  
for some lists holding these messages instead).

But let's say that I join your site and register an email address.   
Now I post to one of your lists which I haven't explicitly subscribed  
to.  But you know me so do you discard the message, hold it, or let it  
through?  Let's say you hold it, and a list admin approves it, saying  
"hey this guy looks legit".  Let's say you do this 5 times across 3  
different lists.  I'm probably not a spammer, right?  So maybe now I  
can post to all your lists without being held.

Anyway, it's things like this that I think can be used to help reduce  
spamming on the list while letting legitimate traffic through, without  
Mailman becoming spamassassin.  OTOH, in MM3 it'll be much easier to  
integrate something like spamassassin than it is in MM2.  I'm not  
saying that's a /good/ thing since spam still is better off getting  
caught in the MTA, but this kind of thing is possible.

- -Barry

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkfPJycACgkQ2YZpQepbvXHQ8ACgiMNs46R8OcItJtjoCAbIQHaO
a2AAnif160xr7GhjOWWQ6Qvcxle7f70R
=TyH6
-----END PGP SIGNATURE-----