Bad mailing list practice?

Cyrus Daboo <daboo@isamet.com> Wed, 01 September 2004 21:23 UTC

Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA06234; Wed, 1 Sep 2004 17:23:40 -0400 (EDT)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1C2ccG-0002oR-4k; Wed, 01 Sep 2004 17:26:04 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1C2biS-0005T7-Tv; Wed, 01 Sep 2004 16:28:24 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1C2Wwi-0008FH-67 for ietf@megatron.ietf.org; Wed, 01 Sep 2004 11:22:48 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA26300 for <ietf@ietf.org>; Wed, 1 Sep 2004 11:22:44 -0400 (EDT)
Received: from darius.cyrusoft.com ([63.163.82.2]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1C2Wys-0005jG-EY for ietf@ietf.org; Wed, 01 Sep 2004 11:25:05 -0400
Received: from [10.0.1.3] (ninevah.cyrusoft.com [63.163.82.9]) (authenticated bits=0) by darius.cyrusoft.com (8.12.9/8.12.9) with ESMTP id i81F4Qo3004345 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf@ietf.org>; Wed, 1 Sep 2004 11:04:28 -0400
Date: Wed, 01 Sep 2004 11:22:35 -0400
From: Cyrus Daboo <daboo@isamet.com>
To: ietf@ietf.org
Message-ID: <C16A6FD47B5676A7FF69E84F@ninevah.local>
X-Mailer: Mulberry/4.0.0d1 (Mac OS X)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Spam-Status: No, hits=0.0 tests=none
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 30ac594df0e66ffa5a93eb4c48bcb014
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Wed, 01 Sep 2004 16:28:23 -0400
Subject: Bad mailing list practice?
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 1ac7cc0a4cd376402b85bc1961a86ac2
Content-Transfer-Encoding: 7bit

A public mailbox (accessible by anyone with an IMAP client) just received a 
mailman reminder about a subscription to this list. That message contained 
a clear-text password (actually several in this case). Whilst mailman does 
have an option for subscribers to turn off the password reminder I think it 
is bad practice to have that default to 'on' for new subscribers given that 
mailing lists are often piped into public archives.

-- 
Cyrus Daboo

_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf