PDA

View Full Version : Membership Notifications



Todd Fields
2005-08-01, 09:41
I seem to get periodic "membership notifications" from the list
that simply act as a reminder that I'm a member of the list. Is
there a way to disable this? I don't mind the notifications so
much as the fact that it includes my password in the text of the
notification. Call me paranoid, but the password I use for my
SlimDevices account is a password I use for a lot of different
things so it just bothers me that it is included. My opinion is
that for security purposes you should never send out someone's
password unless they have specifically asked for it and have
provided the required information (whether that simply be the
e-mail address on record or an answer to a secret question or
whatever.) Thanks.

MrC
2005-08-01, 10:26
This is standard practice for the Mailman list server software.

There is an option to disable the sending of monthly reminders.

You absolutely should *not* be using any password you care about (ie. one that you use elsewhere) for mailing lists or any other source that is not completely trusted or in your control. There are a number of reasons, such as: a) the password is not encrypted, b) it is available to anyone who manages the mailing list, c) the password is stored/sent in clear text. Any compromise gives additional information to others about attacking your sites/services/hosts/etc.

Call me paranoid
The threat is real, so this is not paranoia - but using the same password on many sites increases your risks, not reduces them, so your fears are well-founded, but preventable.

Dave Dewey
2005-08-01, 10:42
Quoting MrC (MrC.1t3izz (AT) no-mx (DOT) forums.slimdevices.com):

>
> This is standard practice for the Mailman list server software.
>
> There is an option to disable the sending of monthly reminders.

I'm reasonably sure that only applies to the administrator of the list; ie
the admin decides whether reminders go out or not. I disable this on the
lists I run because I think it's stupid, but lots of other list admins
disagree.

Todd Fields
2005-08-01, 11:24
--- MrC <MrC.1t3izz (AT) no-mx (DOT) forums.slimdevices.com> wrote:


> The threat is real, so this is not paranoia - but using the
> same
> password on many sites increases your risks, not reduces them,
> so your
> fears are well-founded, but preventable.

Thanks. I will see if I can change the settings. I agree that
using the same password at multiple sites is a greater security
risk. I just found it difficult to remember a different
password for everything I ever registered for and any list I'd
try to maintain would end up incomplete or eventually lost.
Maybe I'll change the password though when I'm trying to disable
the notifications, I didn't realize these list servers were that insecure.

Todd Fields
2005-08-01, 11:28
--- Dave Dewey <ddewey (AT) cyberthugs (DOT) com> wrote:

> I'm reasonably sure that only applies to the administrator of
> the list; ie
> the admin decides whether reminders go out or not. I disable

If that's the case then I'd vote to disable this feature, not
that anyone asked. ;)

kdf
2005-08-01, 11:39
>
>
try the link at the bottom, for listinffo. there must be a setting
because I've never seen any messages reminding me of my membership.

-kdf