Yes, they’re still disabled. Disabling the access to the mail server
would be easy, but we probably want to keep the password recovery by
email.
Are PM notifications still disabled? (All we really need is disable the forum’s access to the mail server)
Does it work correctly now? I had made some forum code changes to disable PM email notification, but just reverted most of them as unnecessary.
mmalmi@cc.hut.fi wrote:
I sent a removal request to PBL.
The FAQ says: “The first thing to know is: THE PBL IS NOT A
BLACKLIST. You are not listed for spamming or for anything you have
done. The PBL is simply a list of all of the world’s dynamic IP
space, i.e: IP ranges normally assigned to ISP broadband customers
(DSL, DHCP, PPP, cable, dialup). It is perfectly normal for dynamic
IP addresses to be listed on the PBL. In fact all dynamic IP
addresses in the world should be on the PBL. Even static IPs which
do not send mail should be listed in the PBL.” So we didn’t even
need to allow spam to be on the list.Here’s the info about PBL again.
-------- Original Message -------- Subject: Forum e-mail notifications and PBL blacklist and wiki registration Date: Thu, 29 Jul 2010 03:18:56 +0100 From: Satoshi Nakamoto satoshin@gmx.com To: Martti Malmi mmalmi@cc.hut.fi
http://www.bitcoin.org/smf/index.php?topic=338.0
of e-mail blackhole list or at least the ISP that hosts the
e-mail server for registration is on one of those lists.“Looks like bitcoin.org is listed on the PBL.” http://www.spamhaus.org/pbl/query/PBL340779
I think our problem may be that we have forum notifications on, like e-mail you when you receive a PM, but we don’t have e-mail verification of new accounts. Can someone put someone else’s e-mail address without verifying it, then have stuff sent there? We need to stop that right away before it gets used for something bad. Either disallow all notification, or make sure e-mail addresses are verified.
I’m more inclined to disallow notifications or anything where the forum sends you e-mail. I kinda like not requiring e-mail verification. But if that’s the only way to make sure we don’t send e-mails to un-verified addresses, then we could do that.
If we request to get off of PBL, we’d better make sure we’ve got the problem secured first.
I changed Registration->settings->registration of new members to “Member Activation”. I assume that means it e-mail verifies. “Member Activation When this option is enabled any members registering to the forum will have a activation link emailed to them which they must click before they can become full members”
I think that’s the only way to make sure the forum can’t be used to send to other people’s e-mail addresses and potentially use it to spam.
Source: Published by Martti Malmi on GitHub in February 2024 as part of his testimony in the COPA v. Wright trial. The full correspondence archive is available at mmalmi.github.io/satoshi/.