Norbert Bollow <[EMAIL PROTECTED]> writes:
> > I have started to receive spam to my list address that I only use for
> > mailing lists. I suspect that there is a "open" majordomo somewhere
> > out there. No idea where.
>
> It's right here.. I've just verified experimentally that it is indeed
> possible for anyone who knows how to use the EXPN SMTP command to
> easily obtain all subscriber e-mail addresses for the lists at
> GreatCircle.COM
The open lists hosted at GreatCircle.COM (including List-Managers and the
Majordomo-{Users,Workers} lists) have always been considered public
and neither the contents nor the identities of the posters are
considered confidential. The Majordomo "who" and "which" commands
for these lists remain open, which I believe is still the default
in the config file in the Majordomo distribution. (I.e., you don't
need to be crafty with SMTP EXPN to see who's on the list.)
(We do use subscribe-confirm and restrict postings to list members to
prevent abuse and spam, of course.)
Attempting to hide the e-mail addresses of contributors to the
lists would be a very difficult burden, since not only would some
useful features of Majordomo be disabled, we would also have to
disable features of sendmail, and most importantly, it would require
that the entire archives (including both those hosted here and those
maintained and indexed by third parties) be redacted to remove author
e-mail addresses. I don't think it's worth it.
In the 6+ year history of List-Managers I believe this is the first
time this issue has been brought up.
--
Michael C. Berch
Postmaster and List Manager, Great Circle Associates
[EMAIL PROTECTED]
