[Bf-committers] Probe Message Privacy Issue

Ton Roosendaal ton at blender.org
Thu Mar 1 20:02:46 CET 2018 

Hi,

> Mailing list subscribers are already exposed on the list member page on
> lists.blender.org. I am unsure if they page is protected by a script, but
> they are available to anyone to see in a browser.

I don't know what you mean with this. How?
No list should expose its subscribers to everyone, and I never configured this in the past to allow that.

For bf-committers, that option is off btw. 

What we DO expose is the mail address of someone who mails to this this list,
That's something I really prefer to keep. 

-Ton-

--------------------------------------------------------
Ton Roosendaal  -  ton at blender.org   -   www.blender.org
Chairman Blender Foundation, Director Blender Institute
Entrepotdok 57A, 1018 AD, Amsterdam, the Netherlands

> On 1 Mar 2018, at 05:01, Jeffrey H <italic.rendezvous at gmail.com> wrote:
> 
> Mailing list subscribers are already exposed on the list member page on
> lists.blender.org. I am unsure if they page is protected by a script, but
> they are available to anyone to see in a browser.
> 
> On Feb 28, 2018 3:37 PM, "Harley Acheson" <harley.acheson at gmail.com> wrote:
> 
>> Hello,
>> 
>> I just got a message from the list manager with a subject of "Bf-committers
>> mailing list probe message"
>> 
>> I certainly understand the process and reason for the message. However, the
>> contents *exposes* the email addresses of all the 50 members listed to each
>> other.  Yes, the message that came to me lists my own email address
>> alongside 49 others.
>> 
>> Not that I care that anyone here knows my email address. But normally
>> organizations don't publish lists of addresses like this. It could be used
>> for spam, or could be used to make an unofficial list server, as examples.
>> 
>> As for the message itself, it appears that these indicate bounces from the
>> mail servers of Google bouncing messages from Yahoo because of an issue
>> with Yahoo's 550-5.7.1 DMARC policy. It looks like the message includes 50
>> address as a maximum number as it appears to be an alphabetically-sorted
>> list of gmail addresses from a-j.
>> 
>> Not a big issue, but thought you should know.
>> 
>> 
>> Cheers, Harley
>> _______________________________________________
>> Bf-committers mailing list
>> Bf-committers at blender.org
>> https://lists.blender.org/mailman/listinfo/bf-committers
>> 
> _______________________________________________
> Bf-committers mailing list
> Bf-committers at blender.org
> https://lists.blender.org/mailman/listinfo/bf-committers

More information about the Bf-committers mailing list