[Mailman-Developers] UI for Mailman 3.0 update

Wed Jun 16 21:26:40 CEST 2010

On Jun 16, 2010, at 12:33 AM, Cristóbal Palmer wrote:

>Are you saying that no scripts/bots can automatically sign up for
>mailman lists? I get plenty of signups like "qneu456na at nanke62w.net"
>that suggest otherwise. I should take the time to log those and send
>them to you, perhaps? After my masters paper...

Only if I can send you all the bounces and unsubs I get every month on Mailman
day. :)

>Okay... now that I've put all this energy into this explanation, I'll
>admit: spam to list owners, especially of the "Dear $LISTNAME owner,
>we at $SITENAME security need you to reset your password. Please find
>instructions in the attached .zip file..." were a much bigger problem
>a couple of years ago (surprisingly even after implementing SA) until
>I decided to block .zip and several other mime types at the MTA
>level. So if y'all have no interest in doing any reCAPTCHA
>integration, I'll just spend that much more time making anti-spam
>tweaks at the MTA level, and I'll field one or two more "I'm a
>moderator and I'm dealing with a lot of spam here" tickets every now
>and then.

Two points: antispam defenses are always going to be better done in the MTA
upstream of Mailman.  We may provide some hooks to allow integration with
SA/spambayes/clam/etc. but just seeing the cpu these take up on my measly
server I do not think I want such a check running on everything teh intarwebs
can throw at your lists domain.

Second, I intend to pass -owner email through a pipeline the way posted
messages go through, so you will at least have the opportunity to do some
content and other checks on the message before they're forwarded to the
owners.

>That's another point, come to think of it: I've had plenty of time and
>experience running a couple of decently-sized mailman installs, but
>what about the many, many people who have less experience running
>mailman? The easier we make it for them to make it hard on spammers,
>the better.

Yes, we should be opinionated and make reasonable defaults so that it's easy
to install and run a working system, with good tradeoffs between usability,
functionality and security.  These are not always easy tradeoffs to make.

>A final note: are there any published user studies on mailman? I see
>your ATEC '03 and LISA '98 presentations in the ACM portal, and I see
>http://www.gnu.org/software/mailman/otherstuff.html ... but nothing
>else turns up in google scholar. Please point me to other research on
>mailman and its user base if it exists. If it doesn't, maybe I need to
>make that happen....

Terri was talking at one point of contracting such research, and I think some
is being done as part of the GSoC work.  None exists that I know of.  If
you're offering, I'm sure we would love to have some additional solid
usability studies, especially focused on helping to guide Mailman 3 design.

>Thanks so much for all the work all of you do. It really is a pleasure
>and a privilege to be involved.

Thanks to you and everyone who contributes to Mailman development.  It truly
is a great community.

-Barry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/mailman-developers/attachments/20100616/540b5156/attachment.pgp>