Discussion:
Mailing list passwords in plain text
Sam Auciello
2013-07-01 20:42:53 UTC
So I was just sent the following unencrypted message. I've replaced my
password with asterisks but it is otherwise as is. I shouldn't need to
tell anyone here why it's horrible to store passwords in plain text but
sending them in unencrypted emails! Seriously? This is incredibly
irresponsible. Can something be done about this?

---------- Forwarded message ----------
From: <mailman-***@lists.automattic.com>
Date: Mon, Jul 1, 2013 at 1:00 AM
Subject: lists.automattic.com mailing list memberships reminder
To: ***@samauciello.com


This is a reminder, sent out once a month, about your
lists.automattic.com mailing list memberships. It includes your
subscription info and how to use it to change it or unsubscribe from a
list.

You can visit the URLs to change your membership status or
configuration, including unsubscribing, setting digest-style delivery
or disabling delivery altogether (e.g., for a vacation), and so on.

In addition to the URL interfaces, you can also use email to make such
changes. For more info, send a message to the '-request' address of
the list (for example, mailman-***@lists.automattic.com)
containing just the word 'help' in the message body, and an email
message will be sent to you with instructions.

If you have questions, problems, comments, etc, send them to
mailman-***@lists.automattic.com. Thanks!

Passwords for ***@samauciello.com:

List Password // URL
---- --------
wp-***@lists.automattic.com ******************
http://lists.automattic.com/mailman/options/wp-hackers/info%40samauciello.com
Chloé Desoutter
2013-07-01 20:45:01 UTC
Hello,

Quickly said, use a discardable password for mailing lists.

Yours sincerely
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
J.D. Grimes
2013-07-01 21:47:01 UTC
When you sign up I'm pretty sure it says that you should choose a discardable password, and tells you that it will be regularly emailed to you in plain text format. If you go to your preferences, you can disable the monthly reminders, so your password won't be emailed to you each month.

-J.D.
Andrew Nacin
2013-07-01 21:51:34 UTC
Post by J.D. Grimes
When you sign up I'm pretty sure it says that you should choose a
discardable password, and tells you that it will be regularly emailed to
you in plain text format. If you go to your preferences, you can disable
the monthly reminders, so your password won't be emailed to you each month.
Yep. This is standard operating procedure for mailman (
http://www.gnu.org/software/mailman/) which is the most widely used list
manager (and what WordPress.org uses).
