>>>>> "KPB" == Kendall P Bullen <email@example.com> writes:
KPB> Then why is there a restrict_post feature?
To cut down on spam. I don't see why you have to ask this. On one hand we
have complete access over the lists, which we password protect. On the
other hand we have simple posting to the list. They let tour groups into
NORAD, but they still put a big lock on the door to the room with the big
Your question suggests that the dichotomy is useless; that we should have
either free access to all list commands and posting rights, or that we
should have password access to all message commands and require a password
to post to the list. That's obviously not a great solution, although the
existence of PGP and the like does offer new options (which we don't yet
take into consideration, but who knows what the future holds).
KPB> Since you'd have to know who is a "trusted" user for administrativa,
KPB> and presumably it would be non-obvious (if you're smart), unless
KPB> someone tried it from every e-mail address they saw on a list, it
KPB> doesn't seem like a big danger to me.
So you mean to say it's "difficult" to figure out who the list owner is?
Perhaps by sending mail to them (via owner-list), or seeing what an SMTP
EXPN on owner-list points to? Heck, just hanging around on a list for a
little while usually reveals who the owner is, though not always. You're
arguing security through obscurity.
KPB> (And I presume that the attempts that failed would bounce to the list
KPB> owner, so they would know someone was trying to hack the list.)
And what would their recourse be? Remove themselves from the trusted list?
Alert some postmaster and hope they stop? There's no password to change,