Francoise Becker wrote:

> On 1 Mar 2004 at 12:58, Paul Russell <[log in to unmask]> wrote:
>
>
>>There are valid reasons for using 'Confidential= Service', just as there are
>>valid reasons for using 'Confidential= Yes' or 'Confidential= No'.
>
>
> Yes, and the *main* reason for using Confidential=Service is to have
> your list show up on the web index page, but not on CataList.
>

By definition, a list configured with 'Confidential= Service' is supposed to be
hidden from users outside the list's service area, however, its inclusion in the
publicly accessible archives menu effectively provides anyone anywhere with the
ability to learn of the list's existence. The archives menu page on a LISTSERV
server is an appealing target for spammers or malicious mailers who want to
harvest list names for their own purposes. The only effective way to prevent
this would be to restrict access to the archives menu, however, this effectively
disenfranchises list owners who want their lists to be accessible to the public.

As I see it, the ideal solution to this problem would be the creation of
separate archives menu pages for public and semi-private lists. Access to the
menu of semi-private lists would require authentication with an email address in
the server's local service area. In the interim, I believe semi-private lists
should be removed from the public archives menu.

I would like to see some feedback from other sites. Are we the only site
concerned about this issue? Is everyone else satisfied with the current
behavior?

--
Paul Russell
Senior System Administrator
University of Notre Dame