[BALUG-Admin] Config settings (was: pre-announce / "soft" open) BALUG-Test list)

Rick Moen rick@linuxmafia.com
Wed Jul 12 16:24:12 PDT 2017


I wrote:

> > Send mail to poster when their posting is held for approval?
> > (Edit respond_to_post_requests) ... debatable....
> 
> Again, glad to discuss my reasoning.  (It's late, and I've had too
> little sleep, or I'd say more here.  But I've pretty firmly come down on
> the 'no' side after much pondering.)

As with many issues in mailing list administation, this issue partly
involves the spam issue, and partly involves user psychology.


I'm sure you're acutely aware of what a blight on the Internet
backscatter spam is.  https://en.wikipedia.org/wiki/Backscatter_(email)
This is an issue in a _huge_ variety of traditional SMTP infrastructure
that is guilty of sending back autoresponses to claimed SMTP senders
that are more often than not forged, making the infrastructure complicit
in the spam problem.

E.g., any unpatched instance of DJB's qmail 1.03 (latest) is a
horrifically bad netizen because Dan's qmail-smtpd process _first_
accepts incoming mail and only then decides whether to further process
it for local users / MDAs / LDAs or whether to generate a non-delivery
report (NDR) and outbound-deliver it to the (usually forged) claimed
sender.  

And -- my point -- Mailman sending 'Post by non-member to a
members-only list' held-message notices will in a large percentage of
cases be textbook backscatter spam.  This will be true unless and until
your accepting MTA is close to perfect in spam-rejection in its
receiving stage.

I hate spam, which means I also hate being guilty of backscatter spam. 
Which means 'Send mail to poster when their posting is held for
approval' is a terrible idea, and the correct setting is 'no'.


Separately from that, as I said, is the user psychology bit.  But first
I'll talk about the big picture, on my views concerning ethical mailing
list administrative practices.  My view is that ethics requires the
listadmin to be responsive to _legitimate_ subscribers and aspiring
subscribers (but not, say, to spammers), and to be transparent within
certain limits and expectations.  So, for example, a posting from a
legitmate member should never just be discarded, because that is a
failure of responsiveness to the subscriber.  Just 'disappearing' an
attempted post, e.g., by letting it expire out of queue or hitting the
Discard button is, IMO, scummy behaviour.  If it will not be approved,
it should be explicitly rejected with a nice, concise notice about why.

Given that one is doing that, and doing it in a timely manner, is there
a functional advantage to subscribers or the listadmin to also
autosending an instant 'Your message has been held for moderator
attention' notice?  Not in my view, though I understand that some
subscribers want maximal information instantly.  Against that, there are
the disadvantages:

Sometimes, with luck very rarely, you end up having good reason to
suspect a current subscriber of inclination to commit misbehaviour in
front of the mailing list as a large audience.  So, you might want to
quietly set that member's Moderated flag for a day or two, just so you
can review what that particular hothead is saying before it goes out.
If you're on the ball, the resulting admin-queue delay is so tiny that
the subscriber probably won't even notice.  Probably, after the first or
second post without misbehaviour, you'll hit the checkbox on the Approve
dialogue to clear the subscriber's Moderated flag again -- because your
confidence has been restored and because a smart listadmin is a lazy
listadmin.  (You really don't _want_ to vet anyone's posts.)  

Doing all of the above with the 'Send mail to poster when their posting
is held for approval' feature off means it's all transparent to the
subscriber and doesn't insult anyone or get anyone's back up.

There are probably other examples of this usefulness to _not_ having
notices go out every time something lands in the admin queue, but I'm
not remembering them at the moment.  The larger point is;  It's useful,
to a degree that IMO massively outweighs some subscribers' desire to
know instantly everything that's going on (especially if the listadmin 
acts on needed tasks in a timely fashion).


As an aside, I also strongly favour _not_ manually approving messages
arriving from non-subscribed addresses.  Instead, reject with a nice 
explanation that, in 2017, you have to post to mailing lists from your
subscription address, but that people with multiple addresses they might
wish to use for posting can still do so by subscribing _all_ their
addresses and setting all but one's subscriptions to 'nomail'.

And also, you should almost never use the 'List of non-member addresses
whose postings should be automatically accepted' feature (Privacy
Options, Sender Filters), or its equivalent 'Add [$ADDRESS] to one of
these sender filters: ' checkbox on the mail queue page.  Why?  Because
any address in that roster gets prospectively exempted from _all_
posting rules, e.g., maximum message size for that mailing list, and
unconditionally permitted to post.  (The roster is thus a lurking menace
to listadmins new to Mailman.)





More information about the BALUG-Admin mailing list