On 2022-01-31 at 10:43 -0700, Geoff Mulligan wrote: > 1. If a recipient on an email message is both in the To: or Cc: and > on the mailing list, should the listserver send the message to the > recipient: > a) By default > b) Not by default (but configurable) > c) Never
Yes, it should be sent to that recipient. It's also simpler to explain and understand. It may be annoying for some people, in which case you might wish to make that configurable, but the default shall be to deliver. (The direct copy can annoying as well, since it won't have the list headers which would easily let replying to list) However, the more pushing issue is the security aspect. If the list skips you when it finds you in CC I can influence the mailing list server to send an email to everyone but you by simply including a Cc header saying I am copying you (but not actually adding a RCPT TO: with your address) Or, more innocently, should the direct copy fail for some reason (we have plenty of examples here), that person won't receive the direct email *nor* the indirect one through the mailing list. In such case, there should be a NDR, granted (perhaps received a week later), but even assuming the NDR is seen and understood by the sender, he will probably shrug and assume it will have been received through the mailing list. The most exotic case I remember right now happened when replying privately to a subscriber of this list, where their tagged email address refused receiving my email, since I wasn't mailop. The funny thing is I was providing the contact email address they had asked for. I had to do some twisting to get their MTA to accept the message, and it was probably dropped anyway, since I received no response. If I replied both directly and to the list, such configuration would have been a problem. > 2. If a mailing list is in the BCC: should a message be delivered to > the > list: > a) Yes - always > b) No - never > c) Configurable > d) Convert it to a CC: I'm with John here. I would reject mails not explicitly showing the list as a recipient. You can do so when incoming, in order to avoid backscatter. The only legitimate case I can think of that are chained list, such as when -users mailing list is itself a subscriber of -announce. But since both lists would be in your platform, taking that into account shouldn't be a problem. Best regards _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
