----- Original Message -----
From: "IETF Chair" <chair@xxxxxxxx>
To: "IETF Announcement List" <ietf-announce@xxxxxxxx>
Cc: "IETF" <ietf@xxxxxxxx>
Sent: Monday, May 18, 2015 8:45 PM
Subject: e-mail password reminders discontinued
As you know, the IETF uses the Mailman package to manage our
mailing lists. One of the features of Mailman is that it generates a
password reminder once a month and sends it to every email
address in the system. This email is to advise you that we had to
discontinue the mailman password reminders.
We have had an earlier discussion about this, and there were a few
people who wanted to see the reminders continue, and at that point
we turned them back on. They were causing operational difficulties,
however, which have led us to disable them again. We also hoped
that we would be able to make the setting a per-subscriber option.
However, this turned out to not be possible in Mailman. I apologize
for any inconvenience that this may cause.
The Mailman passwords are emailed in plain text, which is
generally considered a poor practice from a security standpoint.
In addition, each month when tens of thousands of reminder emails
are distributed, one or more ISPs temporarily block or rate-limit
email traffic coming from the IETF mail servers in response to the
mass mailing of these reminders.
Users can still receive their passwords from the system on request
by visiting the information page of any subscribed list. Visit
https://www.ietf.org/mailman/options/<list name>, enter your email
address, and click remind.
Let us know if we can do something to improve your mailing list
experience, be it about password reminders or other things.
It's a shame. The value of the reminder was not the password, but a
confirmation that I was still subscribed to the lists that I thought that I
was subscribed to, and had not been unsubscribed due to some dark art of the
mailing list processes - which has happened to me on more than one occasion.
Tom Petch
Jari Arkko, IETF Chair