Kavi Help CenterKavi Mailing List Manager Help
| Chapter 4. Access Control | ||
|---|---|---|
 |
Part I. Concepts | 
|
Table of Contents
The Kavi® Mailing List Manager offers a number of ways to control access to mailing list content depending on the organization's goals and policies and the purpose served by the list.
Mailing lists are a natural way for technical standards organizations to provide openness and transparency to members, potential members and the community at large. They help raise awareness and interest in the organization, and can offer nonmembers a way to contribute to the goals of the organization.
- Openness
How inclusive should the list be to those who may want to contribute content? Will it be open to contributions from the public, only to subscribers, or more restricted than this?
- Transparency
How visible should the list be? Should it be publicly visible, visible only to members or only to administrators (i.e., essentially hidden)?
The principal of access control is diametrically opposed to the principals of openness and transparency, so these competing goals must be balanced when defining list policy, and the trade-off between the loss of openness and transparency and the benefits of access control must be considered. Unless a list is to be entirely open to the public (and therefore, entirely open to spam), some form of access control is a necessity.
Reasons to control access:
To protect the quality of list content
To protect the privacy of list content
Publicly subscribable lists or lists with publicly viewable web archives are only useful to share information your organization wants everyone to see. Public lists with unrestricted posting are wide open to spammers, and usually become so flooded with spam that other mailing list users abandon the list. For this reason, perfectly open and transparent lists are rare.
Most organizations and their members expect the lists they sponsor to be relatively free from spam because of the drain on system resources and list users' time. They also host lists that need to be kept private so the list can be used to exchange potentially sensitive information.
List access control points:
who can post messages
who can subscribe
who has access to archives
Private lists, such as those that serve work groups, may require subscribers to be added by administrators to prevent unauthorized people from subscribing themselves to the list. Archive access is probably limited to subscribers. Private lists usually only grant direct posting privileges to subscribers, but can make exceptions for posts from trusted non-subscribers by designating posters or approving individual posts. These non-subscribers may not be allowed to view list content, even though they are allowed to post.
To understand how mailing lists work, you need to understand that a mailing list only knows list users as email addresses. The Kavi® Members software can recognize a logged in user and determine their level of access to Kavi Mailing List Manager tools, but when someone sends an email to a mailing list, the list only recognizes the sender if the email was sent from an address on one of the subscriber lists. The mailing list determines what level of posting access to grant the sender based on which list(s) the email address is on.
Many of the problems encountered by mailing list users revolve around the dichotomy of human versus system perspective of sender identity. People perceive access permissions as belonging to themselves as individuals, but the mailing list perceives access permissions as belonging to the email address. When a person reports problems posting to a list, it is usually because they are sending their message from an address that doesn't have posting privileges because it isn't on the right subscriber lists. Mailing lists classify unknown addresses as 'public', and most lists are configured to reject or moderate messages from public senders.
Back to topIn its default configuration, the Kavi Mailing List Manager relies heavily on Kavi Members to control list access, and tends to restrict the ability of list users to interact with mailing lists through ezmlm email commands in favor of Web-based access. This gives the organization tighter control over the subscription process and list visibility, plus improved data management and integrity—particularly in keeping email address information up-to-date and associated with an owner.
Kavi Members manages user authentication and controls access to Web-based tools based on types and roles assigned to the user. Lists can be configured so they are displayed on pubic pages, on Member pages, or only on Admin pages to control who can subscribe and who even knows that the list exists. Lists that only appear on Admin pages are effectively invisible to unauthorized users. Access to Web-visible archives is also controlled through Kavi Members, although all these options are configured through Kavi Mailing List Manager tools that allow administrators to add and manage lists.
Kavi Members can have the Kavi Mailing List Manager automatically subscribe a person's primary email address to certain lists, such as the Members list. If the organization collects alternate addresses and the list is configured to support a Poster List, the person's alternate email address can be automatically added to the 'Poster List'. If the individual updates one of these addresses through the Kavi Members My Account tool, the address will be automatically updated on the subscriber lists.
In contrast, when an individual uses ezmlm email address commands to subscribe under an email address that isn't in the Kavi Members database, there is no way to associate the address with the member record. Updates to email addresses in the Kavi Members database will not affect these disjointed subscriptions.
Back to topThe Kavi Mailing List Manager uses two hierarchical systems of user classification: subscriber levels are used to control access to message posting and raw archive retrieval, and member levels are used to control access to the Kavi Mailing List Manager Web pages.
There are three levels of subscribers, derived from ezmlm subscriber types. Moderators have the highest level of privileges, subscribers are next, followed by the public. Posters are a special case, as only certain kinds of lists support a Poster List, but in these cases, posters have the same posting priveleges as subscribers (i.e., they can post directly to the list).
- moderator
-
An email address subscribed to the 'Moderator List'. Privileges granted to moderators will be applied to messages sent from addresses on this list. A moderator is the most privileged kind of list user, and their posts are always accepted, although they may be sent for moderation.
Moderator's responsibilities include moderating messages submitted for posting to ensure that unwanted email does not get posted to the list. On lists that allow subscribers to post but not the public, moderators can designate the trusted public senders as posters by adding their address to the Poster List. See Moderation for more detailed information.
- subscriber
An email address subscribed to the 'Digest Subscriber' or 'Regular Subscriber' list. Privileges granted to subscribers will be applied to messages sent from addresses on these lists.
- poster
An email address subscribed to the 'Poster List', assuming the list type configuration supports the use of a Poster List. If it does, the list will post messages from addresses on the subscriber and poster lists directly to the list while rejecting public posts or sending them for moderation.
- public
-
A sender using an email address that isn't on any of the lists. This is the least privileged class of list user, and messages from public addresses are usually rejected or sent for moderation.
Even though public senders are unknown to the mailing list by definition, the individual sending from that address may be known and recognized by human list moderators. The sender may be a subscriber using an alternate email address, or a trusted contributor such as organization staff or a member of the academic or adoptor communities. List moderation can facilitate contributions from non-subscribers who should be allowed to post to the list.
There are three member levels derived from Kavi Members, but in this hierarchy a 'member' is defined as any user who appears in the Kavi Members database and can login to the My Account page.
As mentioned, Kavi Members manages user authentication and uses types and roles assigned to the user to determine the user's member level and access to Web pages. Member levels define whether lists and archives are visible on pubic or Member pages, or only on Admin pages, in which case they are effectively invisible to the general membership.
- admin
A logged-in, authentic user with administrative privileges.
- member
A logged-in, authenticated user.
- public
A user who isn't logged in, and therefore, not authenticated.
Configuration options at the list type level and list level determine what combination of access control mechanisms will apply to a specific list—in other words, how the list will behave.
Access control includes automated controls, such as automatic rejection of posts by certain levels of users, and manual controls, such as moderated posting. Moderation is used in tandem with automated access control mechanisms, as described in depth in List Moderation.
List configuration, especially configuration inherited from the underlying list type, determines the level of access a user must have in order to post, access archives or subscribe. For more information on list types and how they interact with list level settings, see List Types. For examples of preconfigured list types, see Default List Types.
Posting restrictions are designed to protect the quality of mailing list content. Access control is configured at the list type level by setting the option 'Who can post to the list?'. There are three actions that can be taken by the list when it receives a message for posting, it can post the message directly, it can send the message to the moderation queue or it can reject the message outright. List types can be configured to apply different actions to messages from different subscriber levels.
Depending on configuration, higher levels of subscribers may be granted posting privileges that lower levels do not have. The most restrictive type of list only accepts posts from address on the Moderator List, which it sends for moderation. Other list types are configured to post messages from senders on the subscriber and poster lists, but send posts from public addresses to moderation or reject them.
Public lists do not differentiate between subscriber levels, but consider all senders to be public users. However, most of these lists are moderated, so all messages are sent immediately to the moderation queue where moderators get to pick and choose whose messages will be posted to the list. Even though the public is invited to submit messages to the list, the majority of the approved posts will be from people who are known to the moderators, since moderators seldom have enough time to review every message they receive.
To see how the different list type configurations affect the ability to post, see Posting Access Tables.
Back to topThere are two options at the list type level that are used to limit the ability to subscribe. The 'Public subscription requests' option defines whether lists of this type accept subscription requests from public senders via email, and the 'Subscription model' option defines whether users are allowed subscribe themselves directly or if subscriptions can only be added by administrators (i.e., a moderated subscription process).
The 'List Availability' option at the list level is used to limit list visibility by controlling which member level pages the mailing list will be displayed upon. If set to 'public', then anyone can see and subscribe to the list through public pages. If set to 'members only', logged-in users will be able to subscribe to the list. If set to 'administrators only', the list will be virtually invisible. The list won't appear on Member pages and subscriptions will have to be added by administrators.
The 'Public subscription requests' option is set to 'No' for the private default list types, including 'Announce Only', so that all subscribe and unsubscribe actions must be performed through the web pages for private lists. This approach has several benefits, including improved user data capture and security. However, it does make subscribing and unsubscribing less convenient from the user perspective. The option is set to 'Yes' for public default list types, including 'Newsletter'.
Approximately half of the default list types have the 'Subscription model' option set to 'Open subscription model with confirmation', which allows users to subscribe themselves to lists of this type, providing the 'List Availability' option for an individual list is set to display the list to users at their member level. If the 'List Availability' option is set to 'administrators only' for a particular list, the 'open' setting at the list type level is rendered virtually meaningless. If it is set to 'public', anyone will be able to view and subscribe to the list. A public newsletter is the most common use case for this combination of settings.
The 'Closed subscription model with confirmation' setting is used for private, "invitation-only" lists. On these kinds of lists, users can only be subscribed or unsubscribed by administrators. These types of lists are well-suited for small, select groups that use the list to exchange potentially sensitive information, such as an organization's board of directors, work groups, technical committees, marketing committees and task-oriented teams. This setting is also appropriate for lists used to distribute targeted announcements to select groups of people as opposed to the general public.
The 'List Archives' option at the list type level controls access to the raw archives only. It also controls whether lists of this type will have any archives at all. Assuming this option is set so that the list type does support archives, the 'Web Archive Visibility' option at the list level determines whether an individual list will have web-viewable archives and what levels of list users will have access to these archives. For more information, see User permissions and archive access.
Depending on list configuration, raw archives may be retrieved using Email Address Commands. If access is restricted, the email must have originated from an email address subscribed at the appropriate subscriber level or above.
List type settings
- Do not archive list messages
If this option is set, the list won't have any archives at all, since web-accessible archives are based on raw archives.
- Messages archived for moderator retrieval only
To access the raw archives with email commands, the email must have originated from an email address subscribed to the Moderator List.
- Messages archived for subscriber retrieval
To access the raw archives with email commands, the email must have originated from an email address subscribed as a digest or regular subscriber.
- Messages archived for public retrieval
Anyone can use email commands to access the raw archives, providing the underlying list type accepts public email commands.
Remember that these list-level settings will be irrelevant if the 'List Archives' option at the list type level is set to 'Do not archive list messages', because lists with this type of configuration do not support archives. Period.
Note
Web archives can be hidden temporarily by editing the list when desired.
'Web Archive Visibility' settings
- Public
-
These archives are displayed in a publicly accessible area of the web site. People do not have to be logged in to see these archives.
This setting is generally used for lists that are open to public subscriptions.
- Members only
-
Users who are logged into Members will be able to see these archives.
- List subscribers
-
List subscribers will be able to see these archives when they are logged in.
- Administrators only
-
The web archives will only be visible to administrators, including company and organization administrators
Since the archives won't even be available to subscribers, this is used in cases like those described in the following item.
- Do NOT show web archives
-
The web archives will be hidden from everyone except system administrators
Since it takes some system resources to create web archives, they aren't generated unless they will be used, so this setting is only used when you need to hide web archives temporarily for a list that is not yet ready to go live, or for a committee that has been deactivated but not yet removed from the site or when some maintenance needs to be performed on the archives.
|
|
 |
|
| Chapter 3. How Mailing Lists Work |  |
Chapter 5. List Types |