Monthly Password Reminders
Does MM3 send these monthly subscription reminders the way MM2 used to do? I am looking for the setting, but can't find that in the list settings.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
On 2/2/23 06:29, Odhiambo Washington wrote:
Does MM3 send these monthly subscription reminders the way MM2 used to do? I am looking for the setting, but can't find that in the list settings.
No, it does not.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On Thu, Feb 2, 2023 at 8:21 PM Mark Sapiro <mark@msapiro.net> wrote:
On 2/2/23 06:29, Odhiambo Washington wrote:
Does MM3 send these monthly subscription reminders the way MM2 used to do? I am looking for the setting, but can't find that in the list settings.
No, it does not.
The rationale behind the decision to toss away that feature? Security??
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
Odhiambo Washington writes:
On Thu, Feb 2, 2023 at 8:21 PM Mark Sapiro <mark@msapiro.net> wrote:
On 2/2/23 06:29, Odhiambo Washington wrote:
Does MM3 send these monthly subscription reminders the way MM2 used to do? I am looking for the setting, but can't find that in the list settings.
No, it does not.
The rationale behind the decision to toss away that feature? Security??
For the passwords, yes. It was frequently reported as a bug, in fact. Mostly the reminders generate requests to know how to shut them off. You're the first in probably a decade who's asked how to turn them on!
While in theory we could protect in transit with SMTP over TLS, we can't guarantee end-to-end encryption (eg, if there's a .forward at the subscribed address), and while TLS is widely implemented, it's still not universal. And there's no way to protect unencrypted email from admins at the receiving host. Receiving encrypted email is pretty much not implemented at all, except in some specialized communities. Also, now that passwords (if they're used) are attributes of Users who may have several Addresses and worse, they may have admin privileges. So Mailman 3 passwords are generally higher value than in Mailman 2.
I can imagine a use for the list of subscriptions part that a few users might like, but most folks would prefer not to get another regular mailing.
Steve
On Fri, Feb 3, 2023 at 3:05 PM Stephen J. Turnbull < stephenjturnbull@gmail.com> wrote:
Odhiambo Washington writes:
On Thu, Feb 2, 2023 at 8:21 PM Mark Sapiro <mark@msapiro.net> wrote:
On 2/2/23 06:29, Odhiambo Washington wrote:
Does MM3 send these monthly subscription reminders the way MM2 used to do? I am looking for the setting, but can't find that in the list settings.
No, it does not.
The rationale behind the decision to toss away that feature? Security??
For the passwords, yes. It was frequently reported as a bug, in fact. Mostly the reminders generate requests to know how to shut them off. You're the first in probably a decade who's asked how to turn them on!
It's because I only recently migrated to MM3 after watching from the periphery for years :) I have been on MM2, and even there I disabled it. I was just curious.
While in theory we could protect in transit with SMTP over TLS, we
can't guarantee end-to-end encryption (eg, if there's a .forward at the subscribed address), and while TLS is widely implemented, it's still not universal. And there's no way to protect unencrypted email from admins at the receiving host. Receiving encrypted email is pretty much not implemented at all, except in some specialized communities. Also, now that passwords (if they're used) are attributes of Users who may have several Addresses and worse, they may have admin privileges. So Mailman 3 passwords are generally higher value than in Mailman 2.
I can imagine a use for the list of subscriptions part that a few users might like, but most folks would prefer not to get another regular mailing.
Steve
That makes complete sense, and I am satisfied with the decision.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
On 2/3/23 04:05, Stephen J. Turnbull wrote:
For the passwords, yes. It was frequently reported as a bug, in fact. Mostly the reminders generate requests to know how to shut them off. You're the first in probably a decade who's asked how to turn them on!
While in theory we could protect in transit with SMTP over TLS, we can't guarantee end-to-end encryption (eg, if there's a .forward at the subscribed address), and while TLS is widely implemented, it's still not universal.
Perhaps more significantly, all passwords are now stored in encrypted form, so for practical purposes we couldn't send the unencrypted password because we don't know it and the encrypted password is not useful to the user.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (3)
-
Mark Sapiro -
Odhiambo Washington -
Stephen J. Turnbull