Re: [Mailman-Developers] Correcting the display name in the recipient address
On 03/25/2016 06:06 AM, Aditya Divekar wrote:
The purpose of an anonymous list is to hide the identity of the author of a post. There is not a need on an anonymous list to hide the membership roster. There should be the normal controls on the visibility of the roster, i.e. list owners only, owners and members only or public (I'm not sure how this is handled in Postorius, I'm not up to speed there), but that is not the concern.
The concern is that a post as archived and delivered to list members should have nothing in it's headers (including things like From:, Received:, Message-ID, etc.) that identify the poster or the poster's domain. This is a function of the core. Postorius is not involved nor are the archivers as the post has been anonymized before it gets to an archiver.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Am 25. März 2016 18:16:09 MEZ, schrieb Mark Sapiro <mark@msapiro.net>:
Just for reference: postorius currently only allowed moderators to vies the members of the list.
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
On 3/26/16 6:01 AM, Simon Hanna wrote:
Every EMail will have a Message-ID, but the rules for generating the Message-ID (must be globally unique) tends to mean that its construction will reveal a bit about the source (very likely a domain connected to the sender). It might just indicate that they send via gmail, and that doesn't tell you much, but with some mail systems it might actually leak out the email of the poster. (Yes, you could say just don't use those, but it is helpful to build the system to keep anonymity without people understanding this level of details).
To totally anonymize a message, you want to replace the Message-ID with one generated by the list, thus every message will have the same sort of Message-ID, removing its ability to trace back (somewhat) to the poster.
-- Richard Damon
Simon Hanna writes:
I don't know that much about email, but shouldn't each message contain a message ID?
You are correct.
The interpretation of an anonymous list is subtle when it starts interacting with RFCs, which generally assume that mail has an author who wants to be identified. The assumption is that the list is granted permission by each poster to redact any identifying information, including the Message-ID which usually contains the originating domain in order to ensure global uniqueness. In some cases there's a unique format to the local part, which identifies the MTA or even (when customized) the host. Of course RFC conformance is important, so we would replace the original Message-ID with a new one. Possibly we could record the old one (note that many MTAs will record the incoming Message-ID in their log, too).
Am 25. März 2016 18:16:09 MEZ, schrieb Mark Sapiro <mark@msapiro.net>:
Just for reference: postorius currently only allowed moderators to vies the members of the list.
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
On 3/26/16 6:01 AM, Simon Hanna wrote:
Every EMail will have a Message-ID, but the rules for generating the Message-ID (must be globally unique) tends to mean that its construction will reveal a bit about the source (very likely a domain connected to the sender). It might just indicate that they send via gmail, and that doesn't tell you much, but with some mail systems it might actually leak out the email of the poster. (Yes, you could say just don't use those, but it is helpful to build the system to keep anonymity without people understanding this level of details).
To totally anonymize a message, you want to replace the Message-ID with one generated by the list, thus every message will have the same sort of Message-ID, removing its ability to trace back (somewhat) to the poster.
-- Richard Damon
Simon Hanna writes:
I don't know that much about email, but shouldn't each message contain a message ID?
You are correct.
The interpretation of an anonymous list is subtle when it starts interacting with RFCs, which generally assume that mail has an author who wants to be identified. The assumption is that the list is granted permission by each poster to redact any identifying information, including the Message-ID which usually contains the originating domain in order to ensure global uniqueness. In some cases there's a unique format to the local part, which identifies the MTA or even (when customized) the host. Of course RFC conformance is important, so we would replace the original Message-ID with a new one. Possibly we could record the old one (note that many MTAs will record the incoming Message-ID in their log, too).
participants (4)
-
Mark Sapiro -
Richard Damon -
Simon Hanna -
Stephen J. Turnbull