Mailing list moderation

Mailing lists are the virtual rooms where ASF communities live, form and grow. All formal decisions the project's PMC makes need to have an email thread (possibly with a recorded vote) as an audit trail that this was an official decision.

Dealing with

How do we create a new mailing list?

It is wise to keep the number of mailing lists per codebase the smallest possible to allow the community to reach that critical mass that is necessary to bootstrap a codebase and keep it in good shape.

At the same time, as communities grow, the need for more specialized mailing lists appears. If you think your project requires a new list:

  • Float the idea in the dev@ or users@ mailing list.
  • If there seems to be some support for the idea, request a community vote.
  • If the community approves adding a mailing list, the PMC chair or another Apache Member on the PMC can do so through the ASF Self-Service Platform

WARNING: Creating a user email list can harm a project community if the developers don't pay attention to their users and reply to their emails. One would expect a well-behaving user community to reply to one another in a civil, adult manner that is focused on whatever the list was created for, but it can take time for a community to learn and take to heart such good behavior.

How do I request changes for moderators?

File an INFRA Jira ticket or ask your PMC to send a request to the alias. If you have access to apmail, you can just change the list of subscribers to list/mod. For example, for the mod_perl developers' list that is in ~apmail/lists/, use ezmlm-list, >ezmlm-sub and ezmlm-unsub.

To determine who the existing moderators are, any committer can use the technique described in the "committers" SVN module at resources.txt.

How do I find who is subscribed to a list?

Moderators can send an email to

Anyone with access to the apmail account can run the following command to get a count of the subscribers:

ezmlm-list~/lists/project/listname| wc -l

Remember that there often are people subscribed to the digest version of the list. To find them:


However, most committers do not have access to apmail. See the notes in the "committers" SVN module ( at /docs/resources.txt for another way.

What should I do with "MODERATE" emails?

Review the mail to see if it is spam (or other severely misguided mail). If it is spam, just ignore the mail to have it silently dropped after 5 days.

To bounce non-spam with a notice to the sender, reply to the -reject address in the mail header. If you wish to include a comment with the rejection, the body of the message should look like this:

%%% Start comment
Your message goes here...
%%% End comment

If it is legitimate mail from a non-subscriber (or someone sending with a different envelope sender than the one subscribed), reply to the -accept address. If you also send mail to the -allow address (i.e. reply to all), future postings from that address will be allowed through automatically.

If there is no -allow address in the moderate requests, the list is misconfigured. Contact and ask them to enable remote administration.

See the EZMLM "Moderator's and Administrator's Manual". You can also send a request for advice to {listname} from your moderation address.

Some lists are only open to ASF committers. The moderators have methods to ensure that subscribers are committers, so subscribers can use whatever email address that they want. Moderators see the tips described in the "committers" SVN module at resources.txt.

Dealing with MODERATE requests for spam

NOTE: You may receive a moderation email that contains email identified as spam. Moderation emails containing spam emails are not spam. DO NOT report mod emails as spam because this causes our legitimate moderation email and the ASF servers themselves to lose sender reputation. Various email providers may block the ASF as a whole as a result of your action.

If the content of the MODERATE request is clearly spam, the simplest solution is just to delete the request. Do not reject it. However, if you are receiving a lot of such requests, it may perhaps be worth taking additional action.

Some SPAM emails have an opt-out link. Whether this will actually do anything useful is another matter, but it might be worth trying if the spam seems to be from a legitimate business.

To avoid revealing your personal IP address, you may wish to use an anonymizing service such as Tor.

If the spam emails are all sent from the same address (you can find the sender's address in the moderation request in the cc: area), try adding them to the 'deny' list:


You can find the sender's address in the moderation request in the cc: area:

Cc: {listname}-allow-tc.<digits>.<alphanumeric>

The sender e-mail address is contained between the '-' (hyphen) immediately following the "alphanumerics" and the '@' sign.

This is already in the correct form for use in the 'deny' subscription request, as the '@' has been changed to '='. In the example above this is:

If this address contains random alphanumerics then it is probably a short-lived address, in which case there is no point trying to use the deny list.

Allowing posts from non-subscribers

Most lists require people to subscribe in order to post messages. However, subscribers receive copies of all mails (or digests). This is obviously unsuitable for bots, or for private lists which need to accept posts from non-subscribers.

A moderator can fix this by using 'Reply All' to a moderation message from the poster. This will both 'accept' the message and 'allow' further posts.

It's also possible to set this up in advance, by subscribing the poster to the 'allow' list. For example, if you want to be able to post, use:


Replace the '@' in the sender email with '='.

Dealing with problem posts

If you have a troublesome poster, you can un-subscribe them from the list using


Send a courtesy email to them to let them know they have been unsubscribed, and why.

Occasionally you will get someone with a poorly-configured spam filter sending automated replies to the list. You can deny their postings using


Send a courtesy email suggesting how they can resolve the problem.

If an unsubscribed user was added to the moderation list and is sending spam to the list, remove them by sending an email to:


To see a list of who is allowed to post on the moderation list, send an email to {listname}

There is an opt-in configuration for problem posters, which lets you subscribe him or her to a 'sendsubscribertomod' list. It works in exactly the same way as adding or removing someone from an 'allow' or 'deny' list. File an INFRA ticket to have it enabled for your list (you don't have to use it, but having it enabled adds an option for you to consider.

To use it (once it has been enabled) do this:


All emails from this person now go to a moderator for approval before they appear in the mailing list.

Once a bad poster starts behaving in the proper manner again, feel free to 'unsubscribe' them from the 'sendsubscriberstomod' list so they can resume normal operations.

Send moderation commands from your moderator address. You can tell if you're sending from the right address by emailing the -help address (e.g., and checking if the subject of the reply contains the word "Moderator help".

Dealing with reports of missing mail

If a subscriber reports that they are not receiving some e-mails, check which ones are involved. If they are not seeing their own e-mails, note that GMail hides duplicates. Also check whether the emails could have been treated as SPAM by their e-mail client.

Dealing with reports of message bounces

If a subscriber reports getting a bounce message from ezmlm, ask them to provide the details. For example:

Hi! This is the ezmlm program.
I'm managing the mailing list.

Messages to you from the user mailing list seem to
have been bouncing
Here are the message numbers:

This can occur if the recipient's mail system has strict SPAM detection rules.

One way to find such emails is to request an index listing from ezmlm, for example by sending an email to This will show the subject, timestamp and sender of the email. That may be sufficient to identify it as spam. If not, the subject and date should make it easy to find the email in the archives.

Copyright 2023, The Apache Software Foundation, Licensed under the Apache License, Version 2.0.
Apache® and the Apache feather logo are trademarks of The Apache Software Foundation...