Option to suppress senders' email addresses?
Hi All,
Is there any way to tell MailMan to display only the sender's name, rather than name and email address?
E.g. "Douglas McCarroll" rather than "Douglas McCarroll <douglas@brightworks.com>".
TIA
Douglas
At 9:06 AM -0400 2004-09-25, Douglas McCarroll wrote:
Is there any way to tell MailMan to display only the sender's name, rather than name and email address?
Display this where?-- Brad Knowles, <brad@stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755SAGE member since 1995. See <http://www.sage.org/> for more info.
Brad and Mark,
Thanks for your responses!
Brad,
Display this where?
My goal is to hide the sender's email address, in all places, to prevent harvest by spammers.
Mark,
You can make your list anonymous (anonymous_list = Yes on the General Options page) which puts the list rather than the sender in From:, etc. headers. Then posters can sign their posts and provide as much or as little info as they want.
I like this option.
However, if you're really concerned about hiding e-mail addresses in any of these cases, you'd also have to do something about Received: headers in incoming posts as they can reveal things like the IP address, domain and in some cases even the address of the sender.
Even with the anonymous function? You may not be the right person to address this question to, but I can't help but wonder why a program like MailMan couldn't simply create a new email and copy only subject and body. The email would be from the MailMan program and only have Received headers created in its transit from the MailMan server to list recipients....
Douglas
Douglas McCarroll wrote:
Brad,
Display this where?My goal is to hide the sender's email address, in all places, to prevent harvest by spammers.
Mark,
You can make your list anonymous (anonymous_list = Yes on the General Options page) which puts the list rather than the sender in From:, etc. headers. Then posters can sign their posts and provide as much or as little info as they want.
I like this option.
However, if you're really concerned about hiding e-mail addresses in any of these cases, you'd also have to do something about Received: headers in incoming posts as they can reveal things like the IP address, domain and in some cases even the address of the sender.
Even with the anonymous function? You may not be the right person to address this question to, but I can't help but wonder why a program like MailMan couldn't simply create a new email and copy only subject and body. The email would be from the MailMan program and only have Received headers created in its transit from the MailMan server to list recipients....
You're right in my case. I'm not the person to address this to. If you want this option, the Mailman-developers list might be a better place to discuss it.
See http://www.list.org/todo.html for the current wish list.
See http://sourceforge.net/tracker/?group_id=103&atid=350103 to view and submit feature requests.
I wonder though if any of this is necessary. Given that the ability to discern an original poster's e-mail address from Received: headers at all depends on the poster's configuration and outgoing MTA and even when an address is discernable, it may not be all together. I.e. one header may say Received: from user@localhost and another may say Received: from localhost by example.com and these have to be put together to get user@example.com. Of course, some MTA's do put a note like "envelope sender user@example.com" in the Received: header making it easier in those cases. Note that in the case of most email sent by me, it is possible to guess a valid e-mail address for me from the initial Received: header, but only because the name of the machine I use most happens to be the same as my userid at my ISP.
Anyway, given the above unreliability of getting even a single e-mail address from Received: headers in a post, would a spammer even bother to subscribe to a list in order to try to get addresses this way. I wouldn't think that even a robot could earn it's keep in this way.
-- Mark Sapiro <msapiro@value.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark Sapiro wrote:
I wonder though if any of this is necessary.
Just as a point of clarification, you may wonder why I seem to be minimizing the importance of discernable e-mail addresses in Received: headers when I'm the one who raised the issue in the first place.
Originally, I thought you wanted to hide e-mail addresses from other list members to avoid them sending off-list flames, etc. This is a different issue from spam harvesting.
The more I think of this though, the more I think it would be appropriate for Mailman to drop the incoming Received: headers from posts to an anonymous list. Why preserve the trace of how a post got from source to list when you want to make the source anonymous?
-- Mark Sapiro <msapiro@value.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
The more I think of this though, the more I think it would be appropriate for Mailman to drop the incoming Received: headers from posts to an anonymous list. Why preserve the trace of how a post got from source to list when you want to make the source anonymous?
Precisely. :)
Do you know for a fact that MailMan forwards these headers in anonymous lists?
Mark Sapiro wrote:
Mark Sapiro wrote:
I wonder though if any of this is necessary.
Just as a point of clarification, you may wonder why I seem to be minimizing the importance of discernable e-mail addresses in Received: headers when I'm the one who raised the issue in the first place.
Originally, I thought you wanted to hide e-mail addresses from other list members to avoid them sending off-list flames, etc. This is a different issue from spam harvesting.
The more I think of this though, the more I think it would be appropriate for Mailman to drop the incoming Received: headers from posts to an anonymous list. Why preserve the trace of how a post got from source to list when you want to make the source anonymous?
-- Mark Sapiro <msapiro@value.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Douglas McCarroll wrote:
The more I think of this though, the more I think it would be appropriate for Mailman to drop the incoming Received: headers from posts to an anonymous list. Why preserve the trace of how a post got from source to list when you want to make the source anonymous?
Precisely. :)
Do you know for a fact that MailMan forwards these headers in anonymous lists?
Before posting the above, I tested this on Mailman 2.1.4, and it doesn't remove any Received: headers on anonymous lists. I don't know for sure about 2.1.5 without looking at code changes, but there's no mention of any change in the 2.1.5 NEWS file.
-- Mark Sapiro <msapiro@value.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On Sep 26, 2004, at 12:33 PM, Mark Sapiro wrote:
Before posting the above, I tested this on Mailman 2.1.4, and it doesn't remove any Received: headers on anonymous lists. I don't know for sure about 2.1.5 without looking at code changes, but there's no mention of any change in the 2.1.5 NEWS file.
I checked it on 2.1.5 with the same results.
Dan
At 9:34 AM -0700 2004-09-26, Mark Sapiro wrote:
The more I think of this though, the more I think it would be appropriate for Mailman to drop the incoming Received: headers from posts to an anonymous list. Why preserve the trace of how a post got from source to list when you want to make the source anonymous?
This makes it much more difficult to debug certain types of mail problems, including bounces and multiple deliveries of the same message, etc....
Trust me, you really don't want to go there.-- Brad Knowles, <brad@stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755SAGE member since 1995. See <http://www.sage.org/> for more info.
At 7:30 PM +0200 2004-09-26, Brad Knowles quoted Mark Sapiro:
The more I think of this though, the more I think it would be appropriate for Mailman to drop the incoming Received: headers from posts to an anonymous list. Why preserve the trace of how a post got from source to list when you want to make the source anonymous?
This makes it much more difficult to debug certain types of mail problems, including bounces and multiple deliveries of the same message, etc....
Besides, you have to sanitize more than just the "Received:" headers. All sorts of other headers might also expose personal information. You'd have to sanitize all headers, and copy over only the message body and subject lines.
-- Brad Knowles, <brad@stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755SAGE member since 1995. See <http://www.sage.org/> for more info.
Brad Knowles wrote:
At 7:30 PM +0200 2004-09-26, Brad Knowles quoted Mark Sapiro:
The more I think of this though, the more I think it would be appropriate for Mailman to drop the incoming Received: headers from posts to an anonymous list. Why preserve the trace of how a post got from source to list when you want to make the source anonymous?
This makes it much more difficult to debug certain types of mail problems, including bounces and multiple deliveries of the same message, etc....
Besides, you have to sanitize more than just the "Received:" headers. All sorts of other headers might also expose personal information. You'd have to sanitize all headers, and copy over only the message body and subject lines.
It appears that Cleanse.py already does a pretty good job of this including even a few known X- headers, although nothing removes addresses from To: and Cc: which could be an issue I suppose. Also, there could be any number of other X- headers that could contain anything.
If I were implementing this, which I'm not, I would add a new variable "ANONYMOUS_REMOVE_RECEIVED_HEADERS = No" in Defaults.py with comments indicating the issues with turning it on, and in Cleanse.py I would add to the anonymous_list processing, removal of received headers conditional on the above new variable.
If you were going to take the "keep only these" approach rather than the "delete these" approach, you'd have to keep more than Subject:. You'd also need to keep Mime-Version:, Content-Type: Content-Transfer-Encoding: and probably Message-Id: (although this may reveal the originating domain), In-Reply-To: (for proper archive threading), References: and Date:.
-- Mark Sapiro <msapiro@value.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
At 12:11 PM -0700 2004-09-26, Mark Sapiro wrote:
If you were going to take the "keep only these" approach rather than the "delete these" approach, you'd have to keep more than Subject:.
If you're going to be serious about anonymizing something, you have no choice but to strip everything but certain specific headers that you know to be clean.
You'd also need to keep Mime-Version:, Content-Type: Content-Transfer-Encoding: and probably Message-Id: (although this may reveal the originating domain), In-Reply-To: (for proper archive threading), References: and Date:.
You would certainly have to remove "Message-Id:" and regenerate locally on the anonymizing mail server. I'd have to talk to certain people I know in the anonymous remailer community to see which others would also have to be removed, and find out the reasoning behind that.
-- Brad Knowles, <brad@stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755SAGE member since 1995. See <http://www.sage.org/> for more info.
My 2 cents.
This thread smacks of trying to adapt Mailman to be an anonymising
remailer and I am not sure that is a suitable objective.
Brad is right in saying that suppressing all information alluding to
the originator of a posting requires gutting the message of a fair
number of headers of value in dealing with mail problems. Not just
From: and Received: but Message-id: and others have to go.
As regards spammers acquiring email addresses to target, list archives
are probably a bigger target. A while back (MM 2.1.3) I took a punt at
some fairly aggressive measures to limit harvesting of email addresses
from Mailman list archives. The patch works but I have no idea if any
people found it of interest. See:
https://sourceforge.net/tracker/? func=detail&aid=850805&group_id=103&atid=300103
On 26 Sep 2004, at 19:33, Brad Knowles wrote:
At 7:30 PM +0200 2004-09-26, Brad Knowles quoted Mark Sapiro:
The more I think of this though, the more I think it would be appropriate for Mailman to drop the incoming Received: headers from posts to an anonymous list. Why preserve the trace of how a post
got from source to list when you want to make the source anonymous?This makes it much more difficult to debug certain types of mail problems, including bounces and multiple deliveries of the same message, etc....
Besides, you have to sanitize more than just the "Received:" headers.
All sorts of other headers might also expose personal information.
You'd have to sanitize all headers, and copy over only the message
body and subject lines.-- Brad Knowles, <brad@stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755SAGE member since 1995. See <http://www.sage.org/> for more info.
At 9:59 AM -0400 2004-09-26, Douglas McCarroll wrote:
Even with the anonymous function? You may not be the right person to address this question to, but I can't help but wonder why a program like MailMan couldn't simply create a new email and copy only subject and body.
This sort of thing would make it much more difficult to debug certain types of mail problems. Been there, done that.
That said, if you really want to take this kind of risk with your mail servers and your users, the code to do this sort of thing doesn't exist with Mailman today. If you want to contribute code to perform this kind of function, you're free to make that submission.
-- Brad Knowles, <brad@stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755SAGE member since 1995. See <http://www.sage.org/> for more info.
Thanks to all of you who have responded. I'm concluding that I can live with current "anonymous" functionality. :)
Douglas McCarroll wrote:
Is there any way to tell MailMan to display only the sender's name, rather than name and email address?
E.g. "Douglas McCarroll" rather than "Douglas McCarroll <douglas@brightworks.com>".
I am guessing you mean in the From: header of outgoing posts. Aside from the fact that this would violate the standard for mail messages (RFC 2822), there's no way to do this in Mailman short of hacking the Python code. And, what do you do about a message whose From: header contains only an e-mail address?
Another option if your Mailman is set to validate list membership based on envelope from rather than From: (USE_ENVELOPE_SENDER = Yes in mm_cfg.py) is the users, depending on their MUA, may be able to set their own From: for posting to the list to something like "Douglas McCarroll <>".
You can make your list anonymous (anonymous_list = Yes on the General Options page) which puts the list rather than the sender in From:, etc. headers. Then posters can sign their posts and provide as much or as little info as they want.
However, if you're really concerned about hiding e-mail addresses in any of these cases, you'd also have to do something about Received: headers in incoming posts as they can reveal things like the IP address, domain and in some cases even the address of the sender.
-- Mark Sapiro <msapiro@value.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (5)
-
Brad Knowles -
Dan Phillips -
Douglas McCarroll -
Mark Sapiro -
Richard Barrett