[Mailman-Users] query re "message has implicit destination"

Brad Knowles brad at stop.mail-abuse.org
Thu Aug 31 00:09:17 CEST 2006 

At 11:22 PM +0200 2006-08-30, Bretton Vine wrote:

>  (no criticism intended to developers, but I have to ask:)
>  Was this requested by users; were users involved in this decision; or was it
>  a case of developers deciding for users what they thought was best given the
>  environment of email/lists from the developer perspective?

The developers *are* the original users.  They wrote Mailman for 
themselves and their own needs, and were willing to share that with 
others.  What has happened since is that a variety of other features 
have been added over time, based on their own requirements and 
desires as well as input from others.

But all of the core developers are also heavy users of Mailman, both 
on python.org and on other mailing list servers -- including some of 
the largest known Mailman-hosted mailing lists servers.

>>  Personally, I believe it to be a reasonable default.
>
>  I don't disagree. However the documentation is clear that BCC'ing a list
>  will result in administrative oversight (if setting is'on'). But not very
>  clear as to why a TO:list;CC:3rd-party would result in the same by a post
>  from a list member who is authorised to post.

I'm not convinced that your case is what you think it is.  I have not 
heard enough details about the problem to know for sure.

>  We've found relatively little spam making it to any lists as it is. By just
>  how much a margin will turning the setting off impact on posts from
>  non-members reaching the list is non-member posting is already disallowed?
>  Is it just theoretical, negligible or will have it have major impact?

The answer is "it depends".

This week, changing this setting may make no visible difference, but 
next week you might get bombarded with spam being sent to the list 
which does not include the list address as a named recipient in 
either the "To:" or "Cc:" headers.

Every site is different.  Every list is different.  Every month is 
different.  Every week is different.  Every day is different.

Pick out which of these different issues apply to your different 
situation, and then figure out which different answer applies to your 
case.

>  In terms of our logs, the "message has implicit destination" occurs maybe
>  once for every 50 or so "post by non-member/unapproved-address to
>  member-only list" so if you look at it from a higher level service provider
>  approach it doesn't seem like it would make much of a difference, and
>  therefore is unnecessary to leave the setting enabled.

At some sites, you're not going to see this kind of spam very often. 
At other sites, you see boatloads of it on an hourly basis.  It all 
depends.

We prefer to have this option default to "on", because it is safer 
that way, and people can always choose to set their choice to be more 
permissive.  The reverse would be much worse for sites that have 
these kinds of problems, especially if those sites tend to be 
administered by less Mailman-savvy personnel, since a great deal of 
damage could be done in a very short period of time.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

  Founding Individual Sponsor of LOPSA.  See <http://www.lopsa.org/>.

More information about the Mailman-Users mailing list