On Tue, May 19, 2020 at 01:17 AM, Frank Greco wrote:

How do I get a filtered list of my group members by email domain or by "bounced email"?

In the Member List, you can filter for bouncing accounts by selecting "Bouncing" from the blue pull-down menu at upper left.

You can get a list of memberships for a given domain name by typing "gmail.com" (or whatever) in the search box at upper right and click on the adjacent magnifying glass. However, you will have to do this individually for each domain...there is no convenient way to sort the entire members list alphabetically by just the domain portion of the email address.

If using a phone, stick with landscape mode and avoid using too much zoom. The search box disappears entirely on devices with a narrow screen. 

Hope this helps,
Bruce

---

Check out the new groups.io Help Center and groups.io Owners Manual

On 2020-05-18 at 6:44:15 AM, Marv Waschke <marv@marvinwaschke.com> wrote:

In this case, users rely on the security of their email account. Many
consumer applications and services also rely on email account security. It
never hurts to remind folks to keep their email accounts secure and never
forward emails that contain links that are signs of authentication, like
links to password resets or entrance to Zoom meetings.

If you have 2FA configured for your account [1], the login link prompts for
a 2FA code. A classic less convenience, more security trade off that's
available for the more security conscious.

[1]: https://groups.io/helpcenter/membersmanual/1/understanding-groups-io-accounts/setting-account-preferences-and-viewing-account-information

--
Christopher W. <lists@cw.codes>

Bruce, I will do that.  Thank you very much.
Kevin

We're probably overthinking this. The "email me a link" button lies immediately below the regular Login [with a password] button. Not surprising that the wrong one might be tapped occasionally, especially on a phone.

Regards,
Bruce

---

Check out the new groups.io Help Center and groups.io Owners Manual

On Mon, May 18, 2020 at 08:12 AM, Nivard Ovington wrote:

Nivard

Another point that might be pertinent is that even if one logs in with a password, access is limited to 30 days from that login or last access after that login, whichever is latest.
We weren't told nor did we consider whether the person receiving the login email was inactive for over the limit.
Peter Cook, can you tell us if your member had not been online for 30 days prior to this event?
--

Bob Bellizzi

Further the systems need to have a way to reset passwords without staff
involved. Most add a couple of security questions to the page the emailed
link takes you to. The link has codes in it to say who you are, but then you
play the questions game to confirm you are you.

But this is a good sign of what level of security is needed where. Simple
list server, no questions. Your bank, a couple of questions. Corporate
services like hosting or DNS, a raft of questions.

-Ken Cameron, Member JMRI Dev Team
www.jmri.org
www.fingerlakeslivesteamers.org
www.cnymod.org
www.syracusemodelrr.org

I don't think anyone raised it as it very likely didn't happen

Has anyone here ever received a log in message without asking for it?

I certainly haven't and no one has ever mentioned it to me

I would lay odds that the subscriber whose link it was, inadvertently clicked the link without realising what it did (or ooh what does that do?)

Then they received a log in link and not realising what it was, forwarded it to the admin and as it was within 24 hours they managed to log in

I do not see it as a security risk, I see it as ignorance on the part of the users

Nivard Ovington in Cornwall (UK)

On Sun, May 17, 2020 at 10:57 AM, Peter Cook wrote:

Here is a link to log into your Groups.io account:

https://woodmoor.groups.io/loginlink/xxxxxxxxxxxxxxxxx

It will expire in 24 hours, on 05/17/2020 at 10:26am EDT,
but you'll stay logged in for 30 days, unless and until you log out.

The link is time limited. It had been a smaller time window, if I recall correctly. Is reverting to a shorter time to log in something worth asking for?

Frances
 
--
GMF wiki for help. Search box at the top of each page.

Check out the new groups.io Help Center  Use your browser to search or download the PDF.

On Sun, May 17, 2020 at 03:57 PM, Peter Cook wrote:

In response to replying to a group post, one of my members received this.

I may have overlooked something that someone has posted but IMHO the oddity in this case is that it was sent out when it neither needed to have been or should have been. As the link was applicable to the account of the person to whom it was originally sent  - albeit for reasons unknown and not obviously explicable - then there was no immediate risk to a member's security.

There is an argument that in forwarding the message with the link to an Owner or Moderator the member did risk compromising their own security, but that is not the same as Groups.io compromising it, but that forwarding is understandable if the member in question was genuinely puzzled by its arrival, which I think I would have been as well.

If the sequence of events was indeed as described in the opening post in this topic then surely the question is why did Groups.io send a log-in link to someone who had simply responded to a group message and had (we must assume) not requested such a link?

As far as I can see nobody has raised this point in their responses.

Chris

Peter-- You are right. This is a serious security compromise for convenience. Groups.io, like most consumer applications, is not highly secure. If it were, it would not be used by most of the people who use it now. When someone forgets the password to an account and is sent a link to reset their password, they engage in an insecure transaction. In a high security environment, they would undergo a lengthy in person interview, have their fingerprints taken, their retina scanned, and a DNA swab analyzed before getting a new password. If they lost their password, they would have to repeat the process and there would be a fair chance they would be permanently denied access for their carelessness. If a product like Groups.io were set up in that manner, who would use it? We make compromises for convenience. This is one of them and a common one.

In this case, users rely on the security of their email account. Many consumer applications and services also rely on email account security. It never hurts to remind folks to keep their email accounts secure and never forward emails that contain links that are signs of authentication, like links to password resets or entrance to Zoom meetings.
Best, Marv

On Sun, May 17, 2020 at 08:51 PM, Cal wrote:

On the Calendar, how do I set up a recurring annual event, like a holiday, that occurs on the nth Monday of a particular month? 

You can define a monthly event that repeats every 12 months by day of week.

Andy

On Sun, May 17, 2020 at 09:04 PM, K Ruffing wrote:

Most people entered their display name (or maybe their email host automatically did so

When someone is new to GIO, their first message should set their Display Name based on what they've set up in their email program/client.  They can always go back and change it for a specific group themselves.

Duane
--
The official Groups.io user documentation is in the Groups.io Help Center.
GMF's Unofficial Help Wiki: https://groups.io/g/GroupManagersForum/wiki

On Sun, May 17, 2020 at 08:17 PM, ro-esp wrote:

it seems rather odd that one could opt-out for special messages

You can't opt out of Special, regardless of any settings you make for email delivery.

Duane
--
The official Groups.io user documentation is in the Groups.io Help Center.
GMF's Unofficial Help Wiki: https://groups.io/g/GroupManagersForum/wiki

Thanks, Duane.

Most people entered their display name (or maybe their email host automatically did so, by default) as "first last" (not "last, first").  As group owner, I standardized the few exceptions.  The alternative was to change a few hundred entries.  Not gonna do that, government experience or not.

On Mon, May 18, 2020 at 12:50 AM, Shal Farley wrote:

Bill,

> ... but it was not included in the Full Digest.

I don't know if this relates to your observation, but keep in mind that
there is no "the" Full Digest - the digest sent to each member is built
based on each member's mute and follow choices in addition their
subscription settings. Same for plain-text digest.

So the message may have been excluded from the digest you observed due
to the specifics relating to the email address it was sent to.

err...yeah, but it seems rather odd that one could opt-out for special messages..it would defeat the purpose, wouldn't it?

groetjes/ĝis, Ronaldo

K,

This just seems like such a simple option to add.

One of the challenges to implementing it is identifying the member's last name.

The site doesn't store separate first name, last name fields. It has a single Display Name field. Different members might put anything there, including nicknames.

Farley, Shal
Shal Farley
Shal W. Farley (with or without the period)
Shal
S. Farley
Shal "shaggy" Farley (appropriate only during safer-at-home)

Those are just a few of the more common variations. Add titles, honorifics, and other name decorations and you have quite a broad range of possibilities to parse. I'm saying that it is an impossible task, maybe there's even a regex that would give a 99% valid result. But I wouldn't call it simple.

It wouldn't work right if a group allows members to sign up
anonymously (no username, or a nickname or pseudonym), but I don't;
it's one of my little prerogatives as listowner.

Hence Duane's suggestion that you enforce a last-name first format with your members.

There's a different suggestion that might work for you, and be more generally useful. There's a suggestion to allow a group to add fields to the Members list. You could add a Last Name field. It might take another suggestion to get that capability added to the Directory as well.
https://beta.groups.io/g/main/topic/72854840

From that topic I favor Duane's suggestion of making the fields configurable by the group (in terms of what they're called / used for).

Shal


--
Help: https://groups.io/helpcenter
More Help: https://groups.io/g/GroupManagersForum/wiki
Even More Help: Search button at the top of Messages list

Bruce,

Gotta admit, I'm struggling to understand what Mark meant by "marking
a non-message."

Heh, I read right through that without noticing. I think that's likely to be an editing error, where he meant to say either "a message" or "a non-spam message".

Does he mean a message that had previously been deleted from the
message archive?

I guess that's a plausible interpretation, but it seems like an odd way to phrase that idea.

Shal


--
Help: https://groups.io/helpcenter
More Help: https://groups.io/g/GroupManagersForum/wiki
Even More Help: Search button at the top of Messages list

Bill,

... but it was not included in the Full Digest.

I don't know if this relates to your observation, but keep in mind that there is no "the" Full Digest - the digest sent to each member is built based on each member's mute and follow choices in addition their subscription settings. Same for plain-text digest.

So the message may have been excluded from the digest you observed due to the specifics relating to the email address it was sent to.

Shal


--
Help: https://groups.io/helpcenter
More Help: https://groups.io/g/GroupManagersForum/wiki
Even More Help: Search button at the top of Messages list

On Sun, May 17, 2020 at 04:13 PM, K Ruffing wrote:

I would really, really value an option to sort the member list and directory by last name.

You have to make suggestions on the beta group.  No one from GIO monitors this group.

Why not just put the display names in as last, first?  Anyone familiar with government operations should be used to that ;>)

Duane
--
The official Groups.io user documentation is in the Groups.io Help Center.
GMF's Unofficial Help Wiki: https://groups.io/g/GroupManagersForum/wiki