On Fri, 7 Jan 2000, Ronald F. Guilmette wrote:
> I for one am more than willing to overlook the participation of either
> egroups.com or any other list hosting service in this type of spamming
> and violation of California law IF AND ONLY IF they will just be so kind
> as to do what most of the rest of the list administrators reading these
> words have already done long ago, i.e. implement a simple subscription
> confirmation protocol that will insure that I and other Internet users
> are not exposed to the additional risk of ``subscription bombing'' IN
> ADDITION to the risk of being indirectly spammed with the assistance of
> their servers.
I think the point that was made earlier was that the majority of
individual list owners do not have that restriction placed on them on
services other than eGroups. Hence, if I am the list administrator on a
Majordomo list, I can do:
approve <password> subscribe <list> <email>
Do they get a confirmation ticket? Not under stock majordomo, not last
time I checked. Does this mean Majordomo on a free Majordomo hosting site
could be used by list admins as a spam technique, by signing up people
without their consent? Of course! The /vast majority/ of listserver
software out there has a way for admins to add users.
However, that having been said, it probably does make sense on
un-supervised large commercial 'free' list hosting sites to have some sort
of protection against this being done, but saying 'everyone else does it'
is not valid, since while most give confirmation tickets for a normal
subscribe, if a user is /manually added/ by a list admin, it does not.
And that appears to be the case here; not that another user tried to sign
them up, but that they were manually added by the admin.
In Listserv, I can add manually. In Majordomo, I can add manually or even
just edit the user file. In Smartlist, I can edit the user files. I
suspect you can do the same in ezmlm, Mailman, and Sympa (which I have not
used as a list or site admin, so cannot attest to). In Listar, I could
edit the user file on disk, or I could just send an authenticated admin
command mail, and manually add people in that.
The key is that most listserver packages are designed around the theory
that the list admins are responsible; otherwise the sysadmin would not let
them have a list, right? But that theory goes out the window with free
hosting services with unsupervised signups, such as eGroups/Onelist.
So, while you are arguing a valid point (something should change about the
eGroups/Onelist setup) arguing that they are somehow doing something
different than all other setups is /not/ true. The problem is they are
doing the /same/ thing as the setups where the list admin can be trusted.
Just my $0.02 + state sales tax. Take as applicable.
Jeremy Blackman - firstname.lastname@example.org / email@example.com / firstname.lastname@example.org
Lithtech Team, Monolith Productions -- http://www.lith.com
Listar Developer -- http://www.listar.org