This is the first time I've seen an automated and unrequested email with my password in it (I hadn't noticed the password in these email previously as the content seemed irrelevant – I wasn't even looking).

 

However, I do see an option on the list membership configuration page (http://www.openldap.org/lists/mm/options/openldap-technical) to disable these reminders:

"Once a month, you will get an email containing a password reminder for every list at this host to which you are subscribed. You can turn this off on a per-list basis by selecting No for this option. If you turn off password reminders for all the lists you are subscribed to, no reminder email will be sent to you."

 

The fact that this option defaults to On – in the middle of 10 – it's pretty lame. Options that send a password in cleartext should probably default to 'No' – yes?

 

- chris

 

From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Phill Edwards
Sent: Monday, February 01, 2016 12:11 AM
To: openldap-technical@openldap.org
Subject: Fwd: openldap.org mailing list memberships reminder

 

I received this today and was shocked to see my password in the email. In this day and age a technology group like this should know far better than to do that. It's bad enough you keep unencrypted passwords, but then to send them our in an email is reckless and irresponsible.

Regards,
Phill Edwards
---------- Forwarded message ----------
From: <mailman-owner@openldap.org>
Date: 1 Feb 2016 4:24 PM
Subject: openldap.org mailing list memberships reminder
To: <philledwards@gmail.com>
Cc:

> This is a reminder, sent out once a month, about your openldap.org
> mailing list memberships.  It includes your subscription info and how
> to use it to change it or unsubscribe from a list.
>
> You can visit the URLs to change your membership status or
> configuration, including unsubscribing, setting digest-style delivery
> or disabling delivery altogether (e.g., for a vacation), and so on.
>
> In addition to the URL interfaces, you can also use email to make such
> changes.  For more info, send a message to the '-request' address of
> the list (for example, mailman-request@openldap.org) containing just
> the word 'help' in the message body, and an email message will be sent
> to you with instructions.
>
> If you have questions, problems, comments, etc, send them to
> mailman-owner@openldap.org.  Thanks!
>
> Passwords for philledwards@gmail.com:
>
> List                                     Password // URL
> ----                                     --------
> openldap-technical@openldap.org          <removed>
> http://www.openldap.org/lists/mm/options/openldap-technical/philledwards%40gmail.com

“This message is intended only for the use of the addressee(s) and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not the intended recipient(s), you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please erase all copies of the message and its attachments and notify the sender immediately.”