On 17 Jun 2013, at 17:26, Luke Tracy wrote:
The listserv has now been converted to an MCommunity Group.
And was echoing every legitimate message for a day. Cute. Not very
competent, but cute.
You can view
the details of the group here:
https://mcommunity.umich.edu/#group:ldap
Definitely not ready for production use. It has link syntax errors that
would have been caught in the most trivial sort of testing, making it
clear that was none. Also serve out an uncacheable 7.5 MB file that
blocks rendering until it completes and consists of an atrocious mess of
GWT-based JavaScript. That's simply user-hostile for anyone not on the
UMich network, as it means a long wait (about a minute, at T-1 speed)
with nothing renderable. Whoever created that system would do more good
flipping burgers than designing webapps and writing code.
Beyond that, the site is displaying the full member list to anyone
wandering by, all in unobfuscated mailto links, perfect for harvesters.
You've apparently also opened submissions to the list to any sender,
with a convenient mailto on the public web page. The inevitable result:
the address I use for this list got its first spam in over 4 years, just
12 hours after you made the switch. It had 15 more tossed at it in 48
hours, all coming from UMich machines with [email protected] as the
Return-Path. In short: you've made this a spam list.
The LDAP listserv is an open list and anyone may subscribe and
unsubscribe. I am therefore planning to make the MCommunity group
joinable,
however, only members with a University of Michigan login will be
able to
join or resign on their own. All others will need to request to join
or
resign.
I have an easier method, thanks to having signed up with an address
designed to be killed unilaterally. Never thought I'd have to use it
because of bumbling incompetence at UMich, but glad to be able to stop
some spam without counting on the people whose carelessness made it
happen.
