Setting up an email discussion list for a security-conscious community

It’s important to take the time to think through your options and make the right decisions for your knowledge-sharing community.

By Kristin Antin HURIDOCS on

The email discussion list. We’re all on one, right? (some of us are on 20+) It’s a pretty straightforward form of communication: I can send an email message to one address, and it goes out to everyone on the list, who can then reply to the entire the list. It’s this ease-of-use for the list member that makes this such a popular tool for sharing knowledge. But setting one up requires you to make a lot of important decisions that could impact the effectiveness of the list – especially if security is a concern. It’s important to take the time to think through all these options and make the right decisions for your knowledge-sharing community. This article highlights some considerations with a focus on security when selecting an email discussion list platform, configuring its settings, and laying the groundwork for effective knowledge-exchange.

Why use an email discussion list?

Lots of organisations working in human rights, transparency/accountability, and international development use email discussion lists to encourage knowledge exchange in their communities of practice, including:

And there are many reasons why it’s a great option:

  • It all happens right in your email box, which is still the place that many of us spend most of our communications hours.
  • Thus, it’s a pretty low-bandwidth tool. Even if you only get internet for 10 minutes per day, you have the ability to download email to your email client of choice.
  • An email discussion list doesn’t care what operating system or device you are using – you can get email pretty much everywhere! And some could argue it’s language agnostic to a certain extent because you can write an email in most languages.
  • If allowed, members of the discussion list can access archived emails via a browser (so it has the potential to be used as a searchable knowledge base).
  • Subscribers have control over their subscription to the list – they can unsubscribe anytime (unlike other group email strategies where you might feel like your unsubscribe requests go into a black hole – see the comic above).

As a community-builder working with human rights defenders it’s important to know: what platforms are available, what features they provide, and ways to master the configuration settings so that you achieve the appropriate balance of security, trust, usability, and effort.

Selecting the right platform

I’ve been researching email discussion list platforms for an initiative with CIVICUS called DataShift. I was surprised by how little has been written on this topic so I thought I’d share what I learned. There are so many different considerations that go into selecting an email discussion list platform (see the list of criteria on the right side of these comparison tables). For this initiative and for the purpose of this blog post, I prioritized the following criteria: cost, type of hosting (we need it to be fully hosted), ability to modify email domain (we wanted not, good security reputation, and ideally open source. Also, I tried to find platforms that cater to nonprofits and social change organizations. Here’s what I came up with:

 CostType of hostingAbility to modify email domain?Security featuresOpen source?
Electric Embers$35/mnthmanaged hostingyesgood reputation; uses Let’s Encryptyes
Google Groupsfreemanaged hostingnohttps; but what does Google do with info?no
Riseupfree (donation requested)self-hostednogood reputation; httpsyes
GroupServerfreemanaged hostingyesdepends on your server configyes
OnlineGroups.netdepends on size of listmanaged hostingyescan add httpsyes
DGroupsdepends on size of org: 500 to 1000 euros/yrmanaged hostingnounable to find info on thisunable to find info on this
GNU Mailmanfreeself-hostedyesdepends on your server configyes
Schleuderfreeself-hostedyessubscribers can communicate encrypted (and pseudonymously) among themselvesyes

Ultimately, we decided to go with Electric Embers. They have a great reputation, great customer service, great product, and even let us add our own logo and color scheme. Check it out!

(Additional note: Greenhost provides GNU Mailman for their clients (without an extra charge) so if you’re looking for a new web and/or email host, Greenhost might be a great option!)

Additional resources on selecting an email discussion list platform:

Configuration considerations

Now that you have a place to host your email discussion list, you need to decide how you want the list to grow. There are many more options beyond simply “open” or “closed” so I wanted to present it as a spectrum. Depending on your community and the objectives you have for this discussion list, you’ll want to consider the importance of: privacy/anonymity, trust, participation, usability, and resources required.

In terms of who can join the list, where should you be on the “closed ←→ open” spectrum? Below is a table with four options on this spectrum and some considerations. There is more detail about each option beneath the table.

PrivacyStrongSomewhat strongWeakNone
TrustStrongSomewhat strongSomewhat weakWeak
EngagementStrong, but limited perspectivesSomewhat strongSomewhat strong, plus new perspectivesStrong quantity of participation, but risk of low quality exchange
UsabilityStrongWeakSomewhat strongStrong
Resources RequiredFewA lot to manage invitation processSomeFew, but may require high moderation


You might have a community that simply doesn’t need to grow. Perhaps you have a group of people who attended a specific event and they want a way to keep in touch. If there’s no need to add new people, just keep the list closed (i.e. don’t allow anyone to join the list).

  • Privacy/anonymity: Having a closed list would make it difficult for members to maintain anonymity (unless the members are using pseudonyms from the beginning). Privacy of identity and information shared can be relatively secure depending on the community guidelines/rules and whether the group adheres to these rules. Furthermore, it is likely that only the subscribers would be able to access the archives which increases the level of privacy.
  • Trust: This approach offers the strongest way to maintain trust among the group because no one unknown is joining the discussion.
  • Participation/engagement: By not asking your members to invite new people, or introduce new people to the list (hypothetically) allows them to spend their limited time contributing to discussions in the list. The high level of trust should encourage more engagement, but one could also argue that engagement could be limited because of the limited number of people and viewpoints in the community.
  • Usability: Without any confusion around who gets to join, it should be pretty easy for existing members to use and know the rules!
  • Resources required: Once you set it up, you’re good to go!


This approach requires ongoing moderation, but provides a way to maintain some level of trust within the community while continuing to grow the membership. The most community-minded way to implement this would be to ask the community itself to nominate new members and allow the community an opportunity to discuss the nomination. Another approach would be to allow each community member to invite new members (this is usually an option in your discussion list platform).

  • Privacy/anonymity: Similar to the closed list configuration, most likely the privacy of the members and the communications shared between them would be strong, but anonymity would be difficult to achieve.
  • Trust: This approach is a good way to maintain trust because anyone who joins the list is theoretically part of your network (via others on the list). So if you trust the other members, you will most likely trust those who are invited by them. But trust between members will not be as strong as a closed list.
  • Participation/engagement: This approach has the potential to strike a good balance between trust among the members and new interest/excitement from newcomers.
  • Usability: The usability weakness is in the implementation of the invitation process. If it takes a lot of effort for someone to invite a new person to the list, it may become a barrier to list growth, which could impact engagement and participation.
  • Resources required: It could be a lot of work for someone or a few people to manage the nomination process, which would include: reminding people to nominate, encouraging discussion, manage the process of inviting and introducing that person to the list, etc. So if you don’t have someone willing and interested to take this on, it probably won’t work very well.


Another way to continue to grow the membership while maintaining a level of trust is to require each new member to meet a set of criteria before subscribing. You may want to create a form for each new interested member to fill out. Here’s an example form from the engine room for anyone interesting in joining their sounding board discussion list, and here’s an example from DataShift. You could also include a link to the community guidelines and ask the applicant to acknowledge that she has agrees to them. If the criteria is met (which could simply be that the person can articulate why they are interested in joining the list), then the administrator or moderator could add the subscriber to the list.

  • Privacy/anonymity: If anyone can join the list based on some agreed-upon criteria, the privacy of the members and communications are arguably weak. Anonymity would not be possible if vetting is required for someone to join the list.
  • Trust: With this approach, the community is trusting the person or organisation responsible for vetting each application. Thus, trust is not as strong as closed or invite-only, but is stronger than open.
  • Participation/engagement: Asking new members to fill out a form to express their interest before joining the list is most likely a useful hurdle — if someone doesn’t have the time to fill out the form, it’s very likely that they won’t be very participatory in the list either. It is also a small token of investment into the community (you’re not going to charge people to join, but you are going to ask something of them).
  • Usability: This approach should be pretty easy for members to use the list and for people to apply. You’ll want to define and share the required criteria for joining the list.
  • Resources required: This will require someone to regularly read through these applications and add new members to the list. Ideally the form you use will allow for email notifications. The administrator can set aside a day each week when they add new people to the list.


Would your community benefit from having many people join your email discussion list? This might be the way to go. Leaving the discussion list open for anyone to join is a great way to increase engagement around topics that aren’t particularly sensitive (more sensitive topics would probably be best discussed in a smaller, more closed list).

  • Privacy/anonymity: The privacy of members and communications could not be protected, but members could choose to remain anonymous.
  • Trust: This approach provides the lowest level of shared trust because members don’t know who is on the list.
  • Participation/engagement: Increased number of members will most likely lead to an increase in participation and engagement. It might be more challenging for the facilitator to maintain good quality exchange, however.
  • Usability: Very easy for members to use.
  • Resources required: This approach is very easy to administer and maintain, but could require a lot of facilitation and moderation. Strong community guidelines are a must for this type of list.

Other configurations to consider

Who will have access to the archived messages?

This configuration will depend on the level of privacy that is required by the community. It is important to keep in mind that most email discussion list platforms (all the ones I have researched) cannot limit a member’s access to archived messages based on when they joined the list. This means that someone who joins a list today will be able to access the archived messages from 10 years ago. Therefore, some invite-only lists might not allow anyone to access the archives so that newcomers don’t access messages that were shared before they joined.

Who will have access to see the list of subscribers?

Again, this configuration will depend on the level of privacy that is required by the community. Making the list of subscribers public might be a good way to encourage others to join (ECF is a good example of this). But if privacy is more important than growth, it’s best to limit access to this information to members of the list.

If new people are allowed to join the community, how will the community be notified (or will it)?

I haven’t seen a way to automate this step so you would have to come to an agreement with the list members about this. Here are a few options:

  • Admin/facilitator notifies list and/or introduces the new person to the community
  • The new person is required to introduce themselves (very hard to enforce)
  • If “invite-only”, the member who invited the new person introduces that person to the community
  • No introduction/notification necessary

Additional resources on selecting an email discussion list platform:

So, what am I missing? What other great platforms are out there? What else should be considered when setting up an email discussion list? Please add additional resources, platforms, important criteria, as well as any questions or comments to the comments section below!

This blog post was inspired by a small research project with Fabriders on community-building best practices.

Posted in: