[Mailman-Developers] before next release: disable backscatterin default installation

[Barry Warsaw]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mar 25, 2008, at 5:51 PM, Eino Tuominen wrote:
> Stephen J. Turnbull wrote:
>> Eino Tuominen writes:
>>
>>> You are missing the point. Of course you can inform of a delivery
>>> problem, but only when you really need to do it. Every organisation
>>> should know of every recipient within their authority. You should  
>>> know
>>> the recipient if you accept a message for delivery from outside  
>>> your domain.
>>
>> Says who?  There is nothing in the standards that says so.  And if  
>> you
>
> The times, they are a-changing... We are facing a new world and old
> habits are not the best ways to do things anymore. I'm certainly not  
> one
> of those deeming all DSN's as evil, but it really hurts our users when
> some spammer starts a campaing forging sender addresses to look like
> ours. All the backscatter that is not absolutely necessary is evil. I
> know, we are still sending it out, too, but I'm actively working on  
> the
> issue.

In this regard, I don't view Mailman's job as to change the world.   
It's job is to adhere to standards, both formal (RFC) and best  
established practices.  That doesn't mean I think Mailman should just  
spew bounce notices all over the place.  I think Mailman should give  
sites the option to do reasonable bouncing, with rate limits, but also  
the option to remain totally silent.  We should give people the option  
to keep their email responder addresses open, but also the ability to  
shut them off.  IMO, all those policies are valid and in widespread use.

- -Barry

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iD8DBQFH6Xyj2YZpQepbvXERAltmAJ4zYNpDGKuZQmQ4laBRqkE9pR06mgCfW31R
rLSzzuk2SdqF/yRTmHvHivk=
=EhmY
-----END PGP SIGNATURE-----