I've started running some tests that have apparently pi**ed off a couple of
folks. It's been a while since I've followed discussions related to the
'who' command and it's equivalents, so forgive me if this has been brought
Here's the scoop: We shut off our 'who' command years ago, to ensure
spammers didn't grab our lists. But that still hasn't helped us keep our own
email addresses under control, because there are lots of servers that still
leave 'who' enabled.
So we instituted a little policy that prior to subscribing to a list, we'd
have a little probe of the server to see if the 'who'/'review'/whatever
command was disabled or not. If it's not disabled, we either choose not to
subscribe, or we use a couple of shared-office addresses that we have some
I don't see anything wrong with what we're doing, although I can see why it
might raise some concerns. I think that any potential subscriber/customer is
entitled to test a mailing list's security prior to subscribing.