On Thu, Dec 06, 2001 at 10:14:35PM -0500, Barry A. Warsaw wrote:
I actually don't think that MTA-directed VERPing helps us out much. Sure, it can give us an envelope sender that we can use for better bounce detection[*]
How robust is the bounce detection? Even with VERP and/or good MTAs, is there enough smarts in the system to prevent a black hat from connecting to the MTA on the mailman server and using fake bounce messages to knock someone off a list without their knowledge?
, but I think that the much more interesting personalization is content personalization. I.e. inserting into the message body, footers, headers, RFC 2822 headers, etc. information
Also RFC 2369 List-* headers and in-body subscription management links. :-)
specific to the recipient. Only Mailman knows that data and how to interpolate it into the message body.
Yep. I'm glad to hear you considering this as an option, though I imagine a lot of folks, for good reason, want the current efficient behavior as a choice.
[*] VERP helps with knowing exactly which address on which list is bouncing, but I don't think it helps much with knowing the severity of the bounce.
Or the authenticity. If Mailman did VERP-like customizations itself, you could do something like my crypto-VERP proposal, where if you sent message number 1234 to me, the unique return path would look something like peterw-usa-net-1234-033fe9dbe554a34839e1b82ec4eb5ab0-list-owner@example.com or maybe list-owner+peterw-usa-net-1234-033fe9dbe554a34839e1b82ec4eb5ab0@example.com where 033fe9dbe554a34839e1b82ec4eb5ab0 is the MD5 hash of peterw-usa-net-1234-secret (the MM install routine would pick a random phrase to be used as the secret, which would probably be long). This way, mailman could be quite certain if a bounce was legit, and in response to a recent message delivery attempt (valid bounces for old messages [> 14 days?] could be ignored; alternately MM could use time_t instead of a message number, making calculations easier). Thoughts?
-Peter
-- I am what I am 'cause I ain't what I used to be. - S Bruton & J Fleming