Mailman Considered Harmful
© 2002 Jamie Zawinski <jwz@jwz.org>


Mailman is very popular mailing list manager software. Because it's popular, I end up having to use it a lot, as it tends to drive mailing lists I'm interested in. It's a huge pain in the ass to use, and has a braindead security model. Here's a rant about it. I keep hoping that maybe someday the clue-elves will arrive in the night and sort this out, but it's been years, and it hasn't happened yet. (And yes, I've sent these complaints to the developers too. I'm still waiting for the elves.)

1. Mailman is a pain in the ass for the end user.

2. Mailman's password mechanism provides zero security.

Just say no to Mailman!

I use Smartlist (which comes with Procmail) to manage all of the mailing lists that I run. Smartlist is a huge pain in the ass to configure, but after it's installed, it works very sensibly. In particular, it does the "reply to this to confirm" trick completely painlessly from the end user's point of view: all they have to do is hit "reply" to confirm their subscriptions, and they're done.

And it's trivially easy to set up a web-based subscription mechanism for Smartlist-based lists, as I did for the DNA Lounge announcements mailing list: this is just a simple CGI that does some basic syntax-checking on the entered address, and then sends mail to the -subscribe address with that address in the From: line. Then the user simply hits reply once they get the subscription-confirmation mail.

In fact, there's nothing Smartlist-specific about that: the CGI just sends mail, it doesn't care what software is on the other end.
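The subscription handler described above, as an added Python example (not the author's actual CGI): it syntax-checks the submitted address strictly enough that nothing can be smuggled into the mail headers, then builds the request to the -subscribe address with the submitted address in From:. The list name, list domain and the SMTP relay on localhost are assumed placeholders.

```python
import re
import smtplib
from email.message import EmailMessage

# Conservative syntax check, deliberately stricter than RFC 5322: no
# whitespace, control characters, quotes, colons or angle brackets, so the
# value cannot inject extra header lines or extra recipients.
_ADDR_RE = re.compile(
    r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?"
)

def check_address(raw):
    """Return the cleaned address, or None if it fails the syntax check."""
    addr = raw.strip()
    if len(addr) > 254 or not _ADDR_RE.fullmatch(addr):
        return None
    local, domain = addr.rsplit("@", 1)
    if "." not in domain or ".." in addr:
        return None
    if local.startswith(".") or local.endswith("."):
        return None
    return addr

def build_subscribe_request(raw_address, list_name, list_domain):
    """Build the mail the form handler sends, or None if the address is bad.

    The list software replies to the From: address with the confirmation
    message, so only the real owner of that mailbox can finish subscribing.
    """
    addr = check_address(raw_address)
    if addr is None:
        return None
    msg = EmailMessage()
    msg["From"] = addr
    msg["To"] = f"{list_name}-subscribe@{list_domain}"
    msg["Subject"] = "subscribe"
    msg.set_content("subscribe\n")
    return msg

def send(msg, smtp_host="localhost"):
    """Hand the request to a local relay (assumed to listen on localhost)."""
    with smtplib.SMTP(smtp_host) as relay:
        relay.send_message(msg)  # envelope sender is taken from From:
```

Because the handler only sends mail, the same code works in front of any list manager that confirms subscriptions by reply.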

