Pending Members - Google Groups XSS Bug [Part 2]

Michael Schwarz on Wednesday, January 3, 2007

Some weeks ago I wrote about a Google groups bug [1] where it was possible to get all the mail addresses from subscribed members for a Google group. I have already reported this bug [2] to Google, but there is nobody interested in fixing it. Last evening I wrote a small script that will show you how dangerous this bug is.

How to get the membership list of a Google group?

The new Google groups beta web site offers you an option to export all your subscribed members if you are the owner of that group. This option is a simple GET to the following URL (below http://groups-beta.google.com [3]):

/group/[GROUPNAME]/manage_members/MemberList.csv?Action.Export=Export+member+list

If you click on the button in the Management tasks (Manage members -> Export member list) you will be redirected to that URL. (Note: sometimes the output is very slow, so wait up to 5 seconds to get it.)
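Because the export is a plain GET on a fixed path, the site operator can look for it in web access logs. The following is an added example, not code from the original post: it flags export requests whose Referer is not a page under the same group's manage_members path. The Combined Log Format, that Referer rule and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

SITE_HOST = "groups-beta.google.com"
# Combined Log Format: host ident user [time] "request" status bytes "referer" ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)
# Export path as given in the post: /group/[GROUPNAME]/manage_members/MemberList.csv
EXPORT_RE = re.compile(r"^/group/(?P<group>[^/]+)/manage_members/MemberList\.csv$")

# Constructed sample log lines (group "demo", user "owner1", paths are made up).
_REQ = "GET /group/demo/manage_members/MemberList.csv?Action.Export=Export+member+list HTTP/1.1"
SAMPLE = [
    f'192.0.2.10 - owner1 [03/Jan/2007:09:12:01 +0000] "{_REQ}" 200 5120 "http://{SITE_HOST}/group/demo/manage_members" "Mozilla/5.0"',
    f'192.0.2.10 - owner1 [03/Jan/2007:09:30:44 +0000] "{_REQ}" 200 5120 "http://{SITE_HOST}/group/demo/other_page" "Mozilla/5.0"',
    f'192.0.2.77 - - [03/Jan/2007:09:31:02 +0000] "GET /group/demo/about HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]


def suspicious_exports(lines):
    """Return (time, user, group, referer) for member-list exports that were
    not requested from the same group's manage_members pages."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        target = urlsplit(m["target"])
        exp = EXPORT_RE.match(target.path)
        if not exp or "Action.Export" not in parse_qs(target.query):
            continue
        # Assumption: a legitimate click on "Export member list" comes from a
        # page under /group/<same group>/manage_members on the same host.
        ref = urlsplit(m["referer"])
        expected = f"/group/{exp['group']}/manage_members"
        same_area = ref.path == expected or ref.path.startswith(expected + "/")
        if ref.hostname == SITE_HOST and same_area:
            continue
        hits.append((m["time"], m["user"], exp["group"], m["referer"]))
    return hits


if __name__ == "__main__":
    for hit in suspicious_exports(SAMPLE):
        print(hit)
```

An export with an empty or missing Referer is also flagged, so expect some noise from clients that strip the header.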

To run the same GET command you must be an administrator of the Google group. But wouldn't it be easier to let the administrator of the group do this for you? Yes, of course, and this is very simple. Click on the Join this group link at the top of the Google group, log in with your Google account and add the following lines to the comment box while subscribing: