ietf-822
[Top] [All Lists]

Re: monthly password reminders -- default to yes vs. no?

2008-03-02 03:10:40

Dave Crocker wrote:

A member of a mailing list I run complained about getting his mailing list password, in the clear, every month. Apparently this is the default for mailman and I hadn't ever thought about it.

That enforces the requirement that the owner of an email address, the "data subject" in European privacy directives parlance, must be able to amend or delete the relevant entry of the list.

Certainly the sending a password in the clear sounds like a terrible idea and one might expect it to be enough to mandate turning the default off.

The user should have been warned to choose a weak password.

So I thought I'd ask you all for opinions...

IMHO, it is annoying but practical, thus I'd vote yes.

As an alternative, we could have a generic mechanism that maintains a distributed database of forwarded email addresses, so that recipients can navigate to each entry point where their address is stored along with a recipe for forwarding email messages. Besides the accompanying chance to fix forwarding, that would provide a framework to seamlessly manage

* mailing lists,
* newsletters, and
* ".forward" recipes.

It may be interesting to compare how those three models of forwarding currently tackle this "privacy problem".