Francoise Becker wrote: > On 1 Mar 2004 at 12:58, Paul Russell <[log in to unmask]> wrote: > > >>There are valid reasons for using 'Confidential= Service', just as there are >>valid reasons for using 'Confidential= Yes' or 'Confidential= No'. > > > Yes, and the *main* reason for using Confidential=Service is to have > your list show up on the web index page, but not on CataList. > By definition, a list configured with 'Confidential= Service' is supposed to be hidden from users outside the list's service area, however, its inclusion in the publicly accessible archives menu effectively provides anyone anywhere with the ability to learn of the list's existence. The archives menu page on a LISTSERV server is an appealing target for spammers or malicious mailers who want to harvest list names for their own purposes. The only effective way to prevent this would be to restrict access to the archives menu, however, this effectively disenfranchises list owners who want their lists to be accessible to the public. As I see it, the ideal solution to this problem would be the creation of separate archives menu pages for public and semi-private lists. Access to the menu of semi-private lists would require authentication with an email address in the server's local service area. In the interim, I believe semi-private lists should be removed from the public archives menu. I would like to see some feedback from other sites. Are we the only site concerned about this issue? Is everyone else satisfied with the current behavior? -- Paul Russell Senior System Administrator University of Notre Dame