Private listserve (or alternative)?
June 27, 2007 8:01 AM   Subscribe

Is there a way to privatize an email list whose members' email accounts can be read by "the man?"

I took on the responsibility of starting an email list for employees in my workplace with complaints they wished to air. Over the past year it has grown significantly, but I'm worried that because those who subscribe to the email list in general use their work email addresses--often they have no other--they are open to the possibility of the [i]higher-ups[/i] reading their complaints and discriminating against them in the future.

Is there an easy way to setup an email list so that even if the subscribers' email accounts can be read by a third party, that third party (who is NOT part of the email list) can't know the content of the emails? It would be preferable if the content of the emails sent/received via this list were unreadable [b]period[/b], but at the very least a disconnect between content and author is imperative.

I am open to creative solutions that maybe don't even involve an email list at all (i.e. a wiki, or a BBS-type system) but keep in mind that the majority of the people on this list aren't very tech-savvy and checking a message board every day for updates may not be in the realm of possibility.
posted by jckll to Computers & Internet (10 answers total)
It would be preferable if the content of the emails sent/received via this list were unreadable [b]period[/b], but at the very least a disconnect between content and author is imperative.

Use public key encryption to encrypt the content of a message with each recipient's public key (client certificate), sending the encrypted message to that recipient. Only the recipient will be able to decrypt and read the content of the message.
posted by Blazecock Pileon at 8:11 AM on June 27, 2007

It can't be done unless you can guarantee that no recipient of the e-mail ever reads/decrypts it on a company-owned machine. Otherwise, the company has access to the cleartext at display time.

No rational company would bother with such a technical solution, though. Even a perfectly encrypted e-mail going through the company's servers will make the membership of the list obvious to the company. Do you expect everybody on the list to refuse to divulge its contents, even if threatened with termination?
posted by backupjesus at 8:26 AM on June 27, 2007

Response by poster: Yeah by the way sorry about those users may not be used to posting on bulletin boards, but apparently I am :/
posted by jckll at 8:34 AM on June 27, 2007

Response by poster: And let's say that the problem of the users reading email on a company machine is one that can be overlooked; these users have been explicitly told not to check these emails at work. The company does know about the existence of the email list, and there has sort of been a "don't ask, don't tell" standoff between me (as the acknowledged ringleader) and the company, so hiding the very existence of the list is also not an issue.

And the company has said that they will not ask people about the list, or their participation--or lack thereof--in the list, which they have dutifully not done so far, but I worry that the more surreptitious route (i.e. snooping into company email accounts, remotely) is something they may stoop to.

I thought about a PGP solution, but again, I'm searching for something more suitable for technophiles.
posted by jckll at 8:38 AM on June 27, 2007

The low-tech way that occurs to me is to announce that everyone needs to participate from a non-work address. Send everyone who doesn't already have one a gmail invite (or whatever). Set your listserv to bounce any e-mail from an address. This can be pitched both as ensuring a higher level of confidentiality and minimize the impropriety where employees were using company resources to badmouth the company.

As an alternative, I'm confident there are web-based BBSs where you could set them up to send e-mail to all members by default: this would permit people to see what's going on, but not post—for that, they'd need to log onto the website. This could be a problem if people used personally identifying forum nicknames and the mail was coming to their work addresses (and it also could be a problem if they didn't, I suppose).
posted by adamrice at 8:59 AM on June 27, 2007

Gmail accounts. Seriously, is it that hard? Heck, you don't even need invites anymore!

I realize that was kinda snarky, but ... plate of beans, man, plate of beans.
posted by spaceman_spiff at 10:01 AM on June 27, 2007 don't trust the company not to snoop, but you trust it not to force people into revealing what is said on the list and you trust your coworkers to keep trusted information off company machines. Some of said coworkers cannot figure out how to set up an external e-mail account.

You need to accept that there will always be a significant risk that shared information will end up in the wrong hands. I've been on these sorts of lists with people who are both very technical and quite security-aware, and it's all well and good until someone gets fired for what they said on the "safe" list.

(He thought his GMail account would protect him, too, but he'd mentioned it in a work e-mail.)
posted by backupjesus at 10:18 AM on June 27, 2007

I'm just a little confused.

Can't you just set up an email "reflector" (listserv, whatever you want to call it) that strips the sender, and just doesn't include all the other recipients of the message when sending out? This seems like it would be the simplest solution, but I'm not clear as to whether this is what you're doing now, and you want more.

Not sure if I'm making myself clear here. Let's say we have a user, with email and his boss, You have the complaint-list reflector set up at

It should be pretty easy to configure the reflector to strip off the sender's address. So if Joe wants to complain about something, he sends an email to; the reflector software strips off the email headers and other identifying information, and sends the message back out to everyone who's subscribed to the list.

Even if Joe's boss is subscribed to the list (which isn't a bad thing, if he's a good manager he might want to have some idea of what his employees are upset about), he'll see the message as coming from, not

Unless Joe reveals his identity in his message in some way (by signing it with his name, or a distinctive email signature, or other personally identifying information), the system won't blow it for him.

It's not perfect anonymity -- the operator of the reflector could figure out which emails were sent by whom -- but it would give users a little anonymity from each other on the list.

GNU Mailman or Majordomo are two packages that perform email-reflector functions, and both can be configured for anonymous posting; in addition to these, you'll need a mailserver (I think Majordomo wants Sendmail, but it might work with Postfix also). If you've never set up or admined a mailserver before, you might want to find someone who has to help you, to keep it from becoming a spam source. Or perhaps you could use a managed system somewhere, although I don't know whether most of them (Yahoo Groups and similar) are configurable to anonymize postings to the list.
posted by Kadin2048 at 11:56 AM on June 27, 2007

Oops... I meant to say:

"If you've never set up or admined a mailserver before, you might want to find someone who can help you, to keep it from becoming a spam source."

I have no idea where I was going with the "has to." (Although, if you can find someone who has to help for some reason, all the better...)

posted by Kadin2048 at 11:59 AM on June 27, 2007

You think you're asking a technical question, hopefully with a technical solution. I can tell because you posted this to the "computers and internet" category.

But you're not. You're asking about human relations. Specifically, when you say "the majority of the people on this list aren't very tech-savvy," you're through. Because you know what? The IT people who run your corporation's servers *are* very tech-savvy, including security-savvy. If you simplify things to the point that the least tech-savvy person on the list is able to read it means that your IT people are going to be able to read it.

The only way to do this is strong encryption; *plus* enough tech-savviness on the part of the recipients to understand what precautions to take in order not compromise the decrypted text (i.e., not decrypting it on a company machine, not leaving it on their hard disk or thumb drive, not printing it out and leaving a copy, not getting their decryption password keylogged, etc); *plus* a strong desire on the part of these tech-savvy recipients to actually implement these precautions.

You haven't got any of those ingredients. You will not accomplish your goal.
posted by ikkyu2 at 1:32 AM on June 28, 2007

« Older Storing & printing photos w/o a credit card or...   |   I refuse to buy any more pull-ups Newer »
This thread is closed to new comments.