On 1/23/21 4:33 AM, Stephen J. Turnbull wrote:
Is this capability important to you or your clients? If so, what is the context? I ask because, as you know, email is rather insecure by default. Making it highly secure would require a lot of effort and sophistication for the moderator, eg, PGP signatures, but there might be intermediate levels that would be appropriate for many lists.
For example, the Mailman 2 mechanism. I forget exactly what Mailman 2 does, but if the post to be approved were identified by a one-time key, then a spammer would have to have both the moderation password and the key (presumably by intercepting the moderation email) to approve their own spam. That's still a plausible scenario in principle[1] so I don't much like it (and I bet that's why Barry didn't implement it), but it would be straightforward to implement. Hi Steve,
Happy New Year! I hope you are doing well.
The question was asked of me by a new client coming from Mailman 2 into Mailman 3. I wasn't sure what the current mechanism in place was and according to Mark, none. Honestly I don't think it is a big deal.
Thank you for answering.
-- Brian Carpenter Harmonylists.com Emwd.com