are now using the Gmane Mail-to-News Gateway

In the past, there have been many requests to change our list to newsgroups. However, we've resisted this over the years mainly for security reasons. We're happy to announce that we now offer the ideal compromise. The lists continue unchanged for those who prefer them as they are, but in addition, list traffic is now being mirrored to the Gmane mail-to-news gateway so that those who prefer to read list traffic with a newsreader may do so. The news server groups may also be read via a web interface. Now, we understand the security concerns involved with spamming and exposing e-mail addresses to spam harvesters. Gmane offers the means to protect us from these threats and these will be discussed.

How it works

All list traffic is delivered to the Gmane server, which converts each message to NNTP compatible format. The messages are then posted to a newsgroup created for each TB! list's traffic. Though readers may post to the newsgroup using their newsreader, all messages posted directly to the newsserver are sent to the listserver after an single address challenge has been done (an address confirmation request is sent to the sender to which he has to reply before his message is forwarded to the list server). Any posts from addresses not subscribed to the mailing list server will also be rejected. As a result of this, those who read and participate in the lists solely via Gmane will still require valid list subscriptions.

To read list traffic with your favourite newsreader, point your newsreader to the server news.gmane.org . No authentication is required since posting privileges are already controlled via listserver.

The lists to subscribe to are:
TBUDL gmane.mail.the-bat.user
TBBETA gmane.mail.the-bat.beta
TBTECH gmane.mail.the-bat.devel
TBDEV gmane.mail.the-bat.plugins

The corresponding groups may also be read via a web interface by pointing your browsers to TBUDL, TBBETA, TBTECH, and TBDEV

If you do not wish for your posts to be archived indefinitely, you'll need to add one of the following headers depending on what you wish.

X-No-Archive: Yes - this header ensures that your post is removed from the newsserver after 14 days.

X-Archive: expiry=n - this header ensures that your post is removed from the newserver after a defined number of days as determined by the value 'n'. So if you wish for your messages to be removed from the server after 7 days, add the header X-Archive: expiry=7 to your message headers. If you wish for your messages never to be posted to the newsserver, then put zero as the number of days before expiry, i.e., add the header X-Archive: expiry=0 to your message headers.

Most worthy newsreaders will support the creation of these headers and yes, The Bat! supports this as well. To create these headers with The Bat!, do the following:

Go to the Preferences dialog and open the 'Message Headers' panel.
Click the 'Add' button and in the new popup, enter the header name in the RFC name field, whether it be X-No-Archive or X-Archive. For the 'Display this header field as' option, enter the header name as well.
Enable the option 'Allow to edit this field in the message editor'.
Click the OK button and exit the preferences.
Finally for your list templates, add the following macro
    %SetHeader("X-No-Archive","Yes") ... or

Important: If you wish to include both headers in your posts to the lists, the order in which these two settings are listed is very important since Gmane treats the last it sees as the one to obey. Why would you use both? Because the the lists are also archived to the www.mail-archive.com system and the X-No-Archive is used to prevent posts from appearing there. So that header should be listed first in the Message Headers preferences panel, followed by the X-Archive header. You can use the Move up / Move down buttons to change the order if necessary.

Security Issues and how they are addressed

The main security concerns with having our list traffic on a news server are

  • a) the list being spammed or less moderated and
  • b) our e-mail addresses being exposed for spam harvesters to pounce on.
Please note, that we doubt that others are more concerned about these issues than we are. We hate spam and we don't wish for our e-mail addresses to be harvested. We had a long look at Gmane, experimented, investigated, got feedback and we are confident that it provides less security concerns than our current setup which isn't at all completely secure. It's just that it's secure enough to make it not worth the effort involved for spammers to obtain our addresses.

Lets quickly deal with issue a).

All list traffic will come via the list server even if someone posts directly to the news server. The news server simply relays messages to the list server which then sends messages to the newsserver. As a result, those who post directly to the news server will require list subscriptions. For further details on how direct posts to the GMane news server are processed, read here.

Now, unto the bigger and more sensitive, issue of e-mail address security.

Our e-mail addresses are secured both via the web interface and via the news-feed. Via the web interface, any e-mail address that appears in the message body, is obfuscated in that the entire message isn't displayed. This prevents spam harvesting bots from easily retrieving your e-mail address. For an example of how it works, have a look at this


and also a capture of the page that appears when you click on the address.


In this way, the real address is presented in only human readable format.

For the news-feed, e-mail addresses both in the headers and in the message bodies are encrypted. The encrypted address does work as well, but messages sent to that address will only be relayed to your real address after the sender responds to a challenge response. An example of an encrypted address would be that for the tbudl address, i.e., tbudl@thebat.dutaint.com now becomes tbudl-exIuRIHZyFZg2hWb2wiDltBPR1lH4CV8@public.gmane.org .

For threading to work, message id's are not encrypted. TB!'s uses the domain name in the accounts e-mail address to generate message id's. This may pose concern for some posters, though we don't believe this issue will be of significance in the forseeable future. However, for those who remain uncomfortable with their address domain names being in the news post message ids, you can make TB! use a fake or other domain as an alternative.

To do this, do the following:

For the account your list folders are in, go in the account properties and replace the account's reply-to e-mail addresses domain with one you prefer using. Embelish your own domain with added bits or make something up. Now go into the account templates and for each, use the %replyto macro to enter your real address for your outbound messages, like this:

     %replyto="%fromname <%fromaddr>"%-

If you use address book specific templates, you'll need to add that template as well where you don't have it already defined.

counter footer