[okfn-help] Privacy policy, registration, mailman config

Fri Feb 17 13:06:52 UTC 2012

Thanks, Nils.

> Turning these on tells Mailman
> to send separate email messages to each user instead of batching
> them together for delivery to the MTA.

I did wonder briefly why this feature had to be explicitly switched on
- this explains it, of course.

> Also, sending out mails to a lot of people who have not explicitly opted
> in/subscribed increases dramatically the risk of the OKFN mail server
> getting blacklisted, which would be quite painful.

I strongly agree. This was handled badly to start with - for which I
am partly responsible.

I know about the Received: headers - the person complaining didn't,
but I managed to get him to find them and send them. This adds to the
case, as from what I can see, the address that was forwarding to him
looked rather like a spam address. I don't pretend to know why
spammers would set up re-mailing addresses to target some addresses
they've harvested, and then use those same addresses to register on
random websites, but it looks as if that's what happened here. So not
only should we have explicit consent, but there is also a case for
captchas or some similar system for at least reducing automatic
registrations.

Mark

On 17 February 2012 11:47, Nils Toedtmann <nils.toedtmann at okfn.org> wrote:
> On 02/16/2012 11:36 AM, Mark Wainwright wrote:
>> Rufus asked me to raise this on okfn-help. In brief, we're sending out
>> newsletters (such as the new datahub one) which raise 3 issues, (i)
>> our published privacy policy, (ii) thedatahub.org's sign-up procedure,
>> and (iii) mailman configuration.
>>
>> thedatahub.org links on every page to a Privacy Policy, which is the
>> standard okfn one:
>>
>> http://okfn.org/privacy-policy/
>>
>> This is not fit for purpose as it stands. The Datahub collects an
>> e-mail address when you register, and we are therefore required to say
>> what we will do with this information. In practice we have recently
>> started sending out an occasional DataHub newsletter. (As you can see
>> below not everyone is happy about this.) We need to do two things:
>>
>> (i) change the privacy policy to mention this and specify
>> unsubscription information,
>>
>> (ii) change the sign-up procedure on the datahub so that, when giving
>> an e-mail address, the user can opt in or out of receiving newsletters
>> (eg with a check-box)
>>
>> I believe both of these are legal requirements under data protection laws.
>
> Also, sending out mails to a lot of people who have not explicitly opted
> in/subscribed increases dramatically the risk of the OKFN mail server
> getting blacklisted, which would be quite painful.
>
>
>> Cases like the chap below show that it would also help if recipients
>> of newsletters etc could see at a glance what e-mail address they had
>> been sent to (this need not be the same as the one at which it is
>> received or read). (He suggested this in subsequent correspondence.)
>
> (I know this is not a solution and only works for geeks, but one can
> usually tell from a mail's "Received:" headers which mail address a post
> was received on)
>
>
>> It seems from this page that this is possible in Mailman 2.1 (which we
>> are using):
>>
>> http://www.gnu.org/software/mailman/faq.html
>>
>> However, it requires a sysadmin to have configured the mm_cfg.py file
>> suitably, namely with
>>
>> OWNERS_CAN_ENABLE_PERSONALIZATION = Yes
>>
>> It seems that this has not been done to judge from this list of
>> currently allowed substitutions:
>>
>> http://lists.okfn.org/mailman/admin/datahub-news/?VARHELP=nondigest/msg_footer
>>
>> It would be great if someone could make the necessary change to the
>> mailman config.
>
> I looked into this. The documentation says:
>
>   OWNERS_CAN_ENABLE_PERSONALIZATION
>
>   Set this variable to Yes to allow list owners to set the "persona-
>   lized" flags on their mailing lists.  Turning these on tells Mailman
>   to send separate email messages to each user instead of batching
>   them together for delivery to the MTA.  This gives each member a
>   more personalized message, but can have a heavy impact on the
>   performance of your system.
>
>
> In our case, the mailing list "datahub-news" has 5750 subscribers, but
> only on 700 distinct mail domains. If we switched on personalisation
> that would result in 8x more deliveries, significantly increasing the
> load on our mail server.
>
>
> All in all i recommend that we do not send bulk/mass mail via our
> current mailman. Either we use some external service like mail chimp, or
> we set up a bulk mailer which seperates the risk of getting blacklisted
> and the operational risk from mail.okfn.org.
>
>
> /nils.
>
> --
> See http://nils.toedtmann.net/ for contact details.

-- 
Mark Wainwright, CKAN Community Co-ordinator
Open Knowledge Foundation http://okfn.org/
Skype: m.wainwright