>>>>> "CVR" == Chuq Von Rospach <[EMAIL PROTECTED]> writes:
CVR> I've just finished tracking down and nuking a subscriber with
CVR> a really noxious mailbot. The situation was that anyone
CVR> posting to one of my lists would get a reply back from <major
CVR> new york financial company name deleted> acknowledging the
CVR> email. Needless, this was rather irritating to people.
CVR> I finally had to address probe the entire list, because the
CVR> mailbot was coming back from a domain that wasn't subscribed
Won't the VERP-ish support in MM2.1 make your life so much easier?
(Coming as someone who's had to do the same thing on occasion.)
CVR> But another list user brought up an interesting point, and I
CVR> want to throw it out here to see if it's a problem we should
CVR> worry about.
It's a real issue, and as I see it there is no right answer, there are
only trade-offs. If we make it easy for users who want to use an
email interface to confirm subscriptions, we also make it easier for
stupid replybots to get nailed. We can protect dumb replybots by
making it less convenient for our users, essentially by forcing them
to perform an action that is unlikely (though not impossible,
Mr. Turing), to be doable by anything other than a human.
E.g. we could shut off email confirms altogether and force only web
confirmations. Or we could be more Majordomo-ish as JC describes.
Note that MM2.1 has the opportunity to embed the confirmation cookie
in the envelope sender, so that a human meaningful Subject: could be
used on the confirmation message. This is only currently used in the
invitation confirmation (if you can't trust your admins... yikes!),
but it sounds like this may not be a good idea to add to subscription
confirmations.
So I don't know. I'm inclined to favor user convenience for now, but
I've no doubt that we'll have to re-debate this decision as time goes
by.
-Barry
_______________________________________________
Mailman-Developers mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-developers
