Slashdot Mirror

← Back to Stories (view on slashdot.org)

Which Mailing List Manager Do You Recommmend?

Posted by Cliff on from the making-spam-easier dept.

bobdinkel writes "While I know it isn't the most glamorous thing, mailing lists are a fact of life. And they gotta be managed by someone. In my organization, that someone is me. For whatever reason (they won't exactly say) the powers that be do not want to use majordomo and sendmail. So I pose this question to you, dear reader: What is the best MLM - MTA combo in the Unix world?" One only needs to shake a stick to see the amount of software available that handles mailing lists. Which ones have suited your needs?

1 of 36 comments (clear)

  1. SmartList by Jamie+Zawinski · · Score: 5, Informative

    I use SmartList, which comes with Procmail. It's kind of a hassle to initially install (there's no smurfy GUI) but it's basic, poweful, and works without any stupidity getting in the way. User subscriptions and unsubscriptions are handled via the time-honored mechanism of mailing to list-request addresses.

    The last time this came up, lots of people recommended MailMan. As a user, I hate Mailman. So as a mailing list admin, I won't inflict it on people. Here's why:

    Compare and contrast this sequence of actions:

    With sane mailing list software:

    • Mail "unsubscribe" to "foo-request".
    • Get "please confirm" mail back.
    • Reply.
    • Done.

    With Mailman:

    • Mail "unsubscribe" to "foo-request".
    • Get "I don't understand that" mail back.
    • Find the admin URL in that web page.
    • Load the web page.
    • Try to log in.
    • Realize you don't remember the password it generated for you, because you haven't ever used it even once.
    • Find the "mail me my password" button.
    • Wait for the password to arrive.
    • Go back to the web page.
    • Try to log in.
    • Waste some more time trying before you realize it doesn't work without cookies.
    • Turn cookies back on.
    • Log in.
    • Find the unsubscribe link.
    • Done.

    Now which was easier?

    So I use Smartlist for all my mailing lists. Though it is a pain in the ass to configure, it does the "reply to this to confirm" trick completely painlessly from the end user's point of view, and not having that is a deal breaker for me.

    I understand that Mailman is trying to provide some measure of security by mailing passwords around, but mailed passwords don't work. By which I mean, they provide no more protection than the "reply to this message to be subscribed" mechanism does. So long as you can tell the web page to mail you your password, the only real validation that is going on is that the person issueing the subscribe request is a person capable of reading mail sent to the address they are subscribing.

    It's important that mailing list software do this check, to avoid prank subscriptions. But the "reply to this" method is N less steps than the password-I-don't-know-I-have method, while being absolutely equivalent from a security point of view.

    So the password thing is merely irritating and a waste of time: it has no benefits.