Henrik Rasmussen writes:
What I meant was, that the list admin may be able to set the list to Open or Moderate, making it possible to subscribe others, and I was told by our GDPR folks that we have to make the subscribers re-confirm, so I was just trying to figure out a way to do it. I don't know very much about GDPR yet.
I think Mark misinterpreted "re-confirm". I assume you mean forcing the *existing* subscribers to perform some action to confirm that they still want to be subscribers. This is not currently a feature of Mailman 2 or Mailman 3. We only can require confirmation at initial subscription, except by something like unsubscribing or no-mail'ing everybody as Mark suggested.
I agree, I wouldn't remove [the mass subscription feature] either, but I just have to be concerned about the possibility that someone may have been subscribed against their will.
I think you would hear about that. Re-confirmation in light of new rights for subscribers and responsibilities for providers seems reasonable to me, but I think it's reasonable to assume list admins are not malevolent.
In light of GDPR, we may need to develop ways to enforce site policy about subscription confirmation and ability of users to unsubscribe themselves at will.
Is there a way to resend a confirmation request to either those who haven't been requested to confirm or alternately to all subscribers?
It seems to me that what most organizations are doing is not to force reconfirmation, but rather informing their users of
- their GDPR rights
- what PII is present in the relevant databases
- how to terminate the relationship if desired
In the case of Mailman, you might also want to
- require SSL to access the website
- advise the users to change their passwords if you had been allowing access via HTTP or sending password reminders
For stock Mailman 2, this is not a big deal (I don't think any of the subscriber configuration information is PII except display name and address), but for Mailman 3 I believe there's some profile information in HyperKitty that might be considered PII, and Mailman 3 will be easier to extend using plugins etc to potentially incorporate even more.
Mark Sapiro writes:
Or, post to the list that everyone will need to resubscribe and then remove everyone.
Note that this means that people who resubscribe late will miss mail. That may or may not be a big deal.
Steve