This is somewhat off topic I admit. However, I'm hoping to tap into the vast technological knowledge of the forum's members.

I'm seeking advice on setting up a mailing list, and a database for a smallish charity. At the moment we are relying upon two different spreadsheets. My ideal solution would combine the two into one (software?). I've not yet tried anything in anger but I have been told that LibreOffice is a good candidate.
Its pro's is that it solves both issues (with "Base"), it's available for both Windows and OS X, it's open source (free).
On the flipside, I've anecdotal evidence that you can only email a limited number of addresses at the same time from the database. If that's true, the limit sits about emailing 10s of people whereas I need to handle about 100+. It also requires a more recent version of Java (which would involve a major headache if I tried to update it for the time being*).

I've been looking at mail chimp (http://mailchimp.com/) but the more I read their terms and conditions, the more mental images such as Snowden and privacy creep into my mind. I've also looked at open source alternatives. But they frequently involve setting up a private database locally. I could probably do that for myself but it would make it difficult for other people to access the mailing list I think. Also, some of us use Windows, others use OS X.

It may be there is no open source alternatives that do both, at which point I'd settle for a standard mailing list where only a few approved people can send to the list.

I would be very grateful for any advice; Many thanks in advance.



* I'm not so far behind the current Java version that I am asking for trouble whenever I browse the web though.

Do you possess your own mail server? If you don't then sending out mass e-mails is a great way to get angry letters from your ISP and get their mail server blackholed as a spam vector. Even if you do own your own mail server then you risk having that one black-holed too, and there's little recourse once that happens. It can take months and months to sort out.

Also, MailChimp's security is going to be better than whatever "security," you're going to try to roll yourself. That's the comparison you should be making. You can't say some nebulous thing about "NSA, Snowden, ergo the Excel sheet sitting in this unprotected network share is totally more secure!" You have to do an honest comparison of your proposed workflow versus the professional service.

The biggest concern you should have with regard to security is that someone inside your organization is going to walk off with those e-mail addresses. MailChimp has a far lower likelihood of being a security risk for you than whatever thing you're going to try to duct tape together yourself. It also allows you to control access to that list within the organization so you don't have some intern taking it to use for phishing scams.

Your solution also has to outlive you. You're going to have to write documentation for and train other people how to use and troubleshoot your solution. You're also going to have to develop it in the first place. Spending your time re-inventing bulk e-mailing, risking your mail server or your ISP's mail server getting black-holed, and then having everyone angry with you when it's not working correctly is not a great strategy.

Just because you theoretically can put together a workflow that works temporarily doesn't mean that it's the best idea. As a former IT professional, I implore you not to reinvent stuff. There's a reason services like MailChimp exist, and it's because coordinating bulk e-mail is actually a hard problem with a lot of gotchas that can have really bad consequences.

Your mailing list might only be a few hundred right now, but I bet someone in your organization wants that to be a lot bigger. I doubt your solution is going to be able to scale effectively without running into the black hole issue I posted about above.

By not using a professional service where it's applicable you are saying, somewhat arrogantly, that you are capable of doing a better job with only part of your time at work than an entire company who's entire business is doing that thing. Your users are also not going to have any patience for the limitations of the thing that you've designed. So unless you're comfortable basically recreating MailChimp for such reasons as, "SNOWDEN!" then you probably shouldn't.

From a business and organizational standpoint you need to consider what an effective use of your time is. It's easy for these homegrown solutions to spiral out of control. Even if you're some kind of wunderkind who might be able to do a better job than a professional bulk e-mail service, it's likely not worth your time to do so.

What about Sendgrid?
What exactly do you need the database for?
Maybe you need a CRM instead.

Thank you for the long reply Erlog. Initially, it felt a bit unfair reading your reply. But I was unclear regarding my specifications. Also, while I associate "Snowden" with "privacy", perhaps more people think "Security" instead.

By charity, I should have written group of amateur musicians. We've got about 100 names, with about 40-50 showing up each week. We've been running since 1948 and given the size of our town, it (the town) would help to grow exponentially for us to reach say 200 names over the next 5-10 years.

I don't have my own email server and while some open source alternatives apparently create one of sorts, locally, it's probably beyond me to set up and definitely beyond whoever succeeds me to maintain.

All the security implications you list are perfectly valid and I do not discount any of them. Access will only be made by myself or three other people in the committee. If one of us goes rogue, it will be apparent. If a cracker targets us, it means either my employer has become compromised or someone's home network. Granted, either this could happen but it's more unlikely than likely that something did happen. If it did, I'm willing to bet money said cracker would go for something more profitable during such attack (bank details, etc).

You're absolutely right about the solution outliving me and the more complex, the more training will be required. You are also absolutely correct about what an effective use of my time would be. While I'm sure that MailChimp do their stuff way better than I ever could, I have doubts whether their services is a good match to our requirements.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

chamcham, thank you for your suggestions. I've only had a quick chance to look but SendGrid appear to be not too dissimilar to MailChimp unless I've missed something? Your suggestion about CRM (Customer Relationship Management?) sound sensible, perhaps a bit like Base of LibreOffice? Although some of the makers of the CRMs charge a (not insignificant) bit for their software.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

At the moment, the two spreadsheets are accessible to all four of us through dropbox. My thinking behind LibreOffice, is that I could possibly combine both into a Base document whilst maintaining accessibility.

Hopefully, I have been able to describe my requirements better. I have to get back to work now but later on I will reconsider my requirements. And produce a (more coherent) post.

Many thanks

-- Edit --

I neglected to say that each database entry would contain about eight fields:

Name, Instrument, Contact Details, Note(s)

deadweigh Wrote:Thank you for the long reply Erlog. Initially, it felt a bit unfair reading your reply. But I was unclear regarding my specifications. Also, while I associate "Snowden" with "privacy", perhaps more people think "Security" instead.

By charity, I should have written group of amateur musicians. We've got about 100 names, with about 40-50 showing up each week. We've been running since 1948 and given the size of our town, it (the town) would help to grow exponentially for us to reach say 200 names over the next 5-10 years.

I don't have my own email server and while some open source alternatives apparently create one of sorts, locally, it's probably beyond me to set up and definitely beyond whoever succeeds me to maintain.

All the security implications you list are perfectly valid and I do not discount any of them. Access will only be made by myself or three other people in the committee. If one of us goes rogue, it will be apparent. If a cracker targets us, it means either my employer has become compromised or someone's home network. Granted, either this could happen but it's more unlikely than likely that something did happen. If it did, I'm willing to bet money said cracker would go for something more profitable during such attack (bank details, etc).

You're absolutely right about the solution outliving me and the more complex, the more training will be required. You are also absolutely correct about what an effective use of my time would be. While I'm sure that MailChimp do their stuff way better than I ever could, I have doubts whether their services is a good match to our requirements.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

chamcham, thank you for your suggestions. I've only had a quick chance to look but SendGrid appear to be not too dissimilar to MailChimp unless I've missed something? Your suggestion about CRM (Customer Relationship Management?) sound sensible, perhaps a bit like Base of LibreOffice? Although some of the makers of the CRMs charge a (not insignificant) bit for their software.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

At the moment, the two spreadsheets are accessible to all four of us through dropbox. My thinking behind LibreOffice, is that I could possibly combine both into a Base document whilst maintaining accessibility.

Hopefully, I have been able to describe my requirements better. I have to get back to work now but later on I will reconsider my requirements. And produce a (more coherent) post.

Many thanks

-- Edit --

I neglected to say that each database entry would contain about eight fields:

Name, Instrument, Contact Details, Note(s)

So 2 spreadsheets shared through Dropbox is more secure than Mailchimp?
I'm waiting for erlog to reply to these details. He's going to have a field day.

I've also worked as an IT engineer.
When it comes to security, Dropbox is a joke and has been repeatedly criticized for its poor security.

I'm not sure if your charity is affiliated with the government.
But i doubt Dropbox would meet any government security standards.
If you ever need to keep information secure, don't put it on Dropbox.
Snowden identified Dropbox as a known NSA target.

Btw, Condoleezza Rice (former US Secretary of State) was appointed to the executive board of Dropbox in April 2014.
She is about as pro-NSA as you can get.

If you're worried about NSA surveillance, it's too late. The US government has installed
surveillance equipment at the ISP level. So all traffic through your ISP is monitored and saved.
It doesn't matter who you get your internet from, it is being tracked now. Every Google search. Every website or forum you visit. Every file your download. Every instant message. Every Social Media post. Everything.

If you want to create your own Dropbox-like service, you can use ownCloud.
You deploy it within your network and it works like Dropbox. But security will depend
on how your deploy it and your internal network's security.

Here's an article about the cloud storage providers that protect your privacy the most:
http://lifehacker.com/the-best-cloud-sto...-729639300

Snowden recommended Spideroak (http://www.spideroak.com) for cloud storage.

Spideroak doesn't store any of your passwords. If you lose or forget a password, they can't recover anything you. They have a "zero knowledge" policy. They don't store any information about the files you store. Spideroak doesn't even know what files their users are storing.

Spideroak supports LDAP/Active Directory Authentication.
So you can access the files using your Windows login account.

Yeah, my intention was not to belittle you deadweigh, and I'm glad you took it as professional advice rather than a personal attack.

chamcham Wrote:So 2 spreadsheets shared through Dropbox is more secure than Mailchimp?
I'm waiting for erlog to reply to these details. He's going to have a field day.

You said it more clearly here than I probably would have.

chamcham Wrote:So 2 spreadsheets shared through Dropbox is more secure than Mailchimp?

That's not what I wrote.

deadweigh Wrote:Thank you for the long reply Erlog. <SNIP> . But I was unclear regarding my specifications. Also, while I associate "Snowden" with "privacy",

perhaps more people think "Security" instead.

Many thanks for the links to lifehacker and spideroak, I shall investigate those.

If you are hand-rolling, storing, and self-managing anything that you expect to "grow exponentially." Don't be that idiot that forgets that data requires backup protocols. Don't lose your entire database because of a HDD crash or because of a fire at the place the server is at.