[Mailman-Developers] Opening up a few can o' worms here...
Jay R. Ashworth
jra@baylink.com
Tue, 16 Jul 2002 20:49:19 -0400
On Tue, Jul 16, 2002 at 05:07:48PM -0700, Chuq Von Rospach wrote:
> in contact with the author of a message? If the archive is scrubbed, that
> info is gone. And (god forbid), you get into a legal tangle? That's your
> legal record of what was said on the mail list and who said it. If you scrub
> it, and someone does something actionable or libelous and you get a court
> order to provide that data? You're hosed.
Nope.
As long as your policies *do not change after* you receive such an
order, you are not legally liable. You're not required even to *keep*
the archives by anything I know about -- you *are* familiar with the
term "retention policy", right? :-)
> I come from a newspaper family, so I have a bias towards "you don't
> unpublish stuff, you don't change it once it's published". But I think there
> are good reasons to avoid sanitizing the archives, and instead sanitizing
> the delivery of those archives -- if only because if your policies change,
> all you need to change is the CGI. And it gives you the ability to set up
> different sets of abilities per user or per list if you want, too.
Concur. Even though it's computationally expensive, bind as late as
possible.
> > We'd obviously have to get rid of the easy access to the raw mbox
> > file, so another question is whether that's still useful.
>
> Honestly? I don't think so. I find them real kludgy. I ended up doing a new
> archiving system (one file per message) via a perl script. We're about to
> take our new search engine out of beta with the thing, finally.
I hope you're de-hierarchicalizing the directories.
> > Also, what heuristic do you use to search for email addresses, and
> > what do you scrub them with?
>
> Still being worked on. Right now, I'm basically doing a
> <wordboundary><nonwhitespace>@<nonwhitespaceordot><dot><nonwhitespace><wordboundary>.
> I don't know how strongly we'll refine it.
Some places put spaces in mailbox names -- you'd better deal with
quoted LHS's.
> > It kind of plays into Reply-To: munging doesn't it? If you won't be
> > able to reply to the original author, because we're anonymizing
> > messages, then you might as well munge Reply-To: to go back to the
> > list because that's the only posting address that makes sense.
>
> Yes (he says, grimacing).
You feel my pain. :-)
> If you sanitize the archives, I don't think it affects the list. There are
> simply NO mailtos any more in the archives.
>
> If you go the step further and anonymize the postings ON the list, so
> subscriber email addresses simply are never shown to other subscribers under
> any circumstances (ugh. Urp. I can't believe I'm saying that. This is so
> anti-community it hurts), you have no choice and reply-to has to point to
> the list, since it's the only contact point left.
Well, no: reply-to should be ADDRESS-REMOVED-FOR-SECURITY, and the pain
should be pointed at the list admin.
> If you instead turn the list server into a forwarding agent, as in:
>
> > Or should Mailman get into the anonymous resender game? There's
> > probably a lot we could do here, but given the political risks of
> > anonymous resenders, do we even want to go there?
>
> Is it an anonymous remailer? We're making no pretense of anonymity here.
> We're acting as a forwarding agent, ala hotmail.com or mac.com. You mail to
> id13194@python.org, and it ends up in my mailbox. The fact that we're not
> explicitly denoting the real email address doesn't make us an anonymous
> remailer -- that'd be a policy issue, actually. I suppose you could take it
> that step further, but you could also set it up so validated subscribers
> could get to the real addresses.
That would be a bit helpful, but *does* fundamentally change what the
package is doing.
> using the remailer address in mail that leaves the site, but a subscriber
> could go to the list system and look a user up. That gets us away from the
> politics of the anonymous stuff.
But conversely, if subs can see real addresses in real messages, you're
only one step away from the harvesting problem you mentioned earlier.
> > Have you looked at SpamAssassin Chuq?
>
> See my other message. SA is a good tool, if you have someone around willing
> to update it, monitor it, and make sure it stays up to date technologically
> with current releases that are updated to match the spammers' changes. Do you
> want to require SA to be installed as a requirement for Mailman? What about
> sites where they don't have an admin to keep updating it?
You don't get what you don't pay for.
Chuq, it's obvious to me that that's not a good enough answer for you,
but I'm afraid, even though I know you've put at least one long reply
to me into trying to explain why not in the past, that I still don't
get it.
Maybe it's me.
So many things are just me.
But *why isn't this the recipients' problem*?
> > Very few false positives too (usually it's
> > email amongst our postmasters talking about spam or SA ;).
> All it takes is one. Have you seen these stories?
I can synthesize some false-positive horror stories. But if you've got
a couple handy -- with real termination notices -- let 'er rip.
> > World domination of course. Because we /could/ add that stuff fairly
> > easily if we had the resources to expend on it. Would it still be
> > useable? For some audiences yes, others no. I'm fairly sure the
> > kind of anonymizing we're talking about would never fly in the Python
> > and Zope community, where as it's probably essential in a less
> > cloistered environment like lists.apple.com. Which leads me to
> > believe that we need to make it much easier to install themes or
> > styles of lists, from the paranoid anonymizer to the laissez-faire
> > discussion list.
>
> You have nailed it on the head. Which is why I brought it up. Not because
> this is the way it has to be in the future, but because all this is making
> Mailman's job a whole lot more complex (we were whining about that at work
> today, or at least I was and everyone was nodding sympathetically and
> looking for an open window -- email used to be pretty easy and straight
> forward. And now.....). But not just because all this crap is getting in the
> way, but also that fixing this crap is overkill for some environments, and
> going to be NOT ENOUGH in others.
Wow. Yeah, those two paragraphs capsulize it pretty well.
Glad *I'm* not the architect.
> > CVR> Happy Macworld Expo week, all. If you need me, I'll be in the
> > CVR> war room, beating my head against a wall.
> >
> > Any chance you could make it down to DC for a side trip? We could
> > have a Mailman hacking sprint over a few dozen steamed Maryland blue
> > crabs and some cold ones. :)
>
> Damn, that sounds good, but -- I've had to give up crab and shellfish (I've
> developed an intermittent sensitivity to it. Sigh!) and I'm staying in
> Cupertino where I'll be manning the war room this week making sure buttons
> get pushed when they need pushed, and not a minute before....
You go, boy.
Cheers,
- jra
--
Jay R. Ashworth jra@baylink.com
Member of the Technical Staff Baylink RFC 2100
The Suncoast Freenet The Things I Think
Tampa Bay, Florida http://baylink.pitas.com +1 727 647 1274
"If you don't have a dream; how're you gonna have a dream come true?"
-- Captain Sensible, The Damned (from South Pacific's "Happy Talk")
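
An added example, not part of the original message and not Mailman's own code: the address heuristic quoted in the thread beside a stricter pattern that handles quoted local parts, applied when the archive page is rendered rather than to the stored text. The `scrub` function, its `viewer_is_subscriber` flag and the sample text are assumptions made for illustration.

```python
import re

# The heuristic quoted in the thread, transcribed literally. Assumption:
# "nonwhitespace" is \S and "wordboundary" is \b.
NAIVE = re.compile(r"\b\S+@[\S.]+\.\S+\b")

# Stricter pattern (simplified from RFC 5322): the local part is either a
# dot-atom or a quoted string, which may contain spaces and escaped characters.
_ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
_DOT_ATOM = _ATEXT + r"(?:\." + _ATEXT + r")*"
_QUOTED = r'"(?:[^"\\\r\n]|\\.)*"'
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_DOMAIN = _LABEL + r"(?:\." + _LABEL + r")+"
ADDRESS = re.compile("(?:" + _QUOTED + "|" + _DOT_ATOM + ")@" + _DOMAIN)

# Placeholder wording borrowed from the reply above.
PLACEHOLDER = "ADDRESS-REMOVED-FOR-SECURITY"

# Constructed sample archive text; names and addresses are made up.
SAMPLE = (
    'From: "John Q. Public"@example.com\n'
    "Cc: jane.doe@lists.example.org, see http://example.com/x\n"
)


def scrub(text, pattern=ADDRESS, viewer_is_subscriber=False):
    """Scrub addresses when a page is rendered; the stored text is untouched.

    viewer_is_subscriber is a hypothetical policy flag standing in for the
    per-user or per-list settings discussed in the thread.
    """
    if viewer_is_subscriber:
        return text
    return pattern.sub(PLACEHOLDER, text)


if __name__ == "__main__":
    print(scrub(SAMPLE, NAIVE))   # leaves '"John Q.' of the quoted local part
    print(scrub(SAMPLE))          # replaces both addresses whole
```

Because the substitution happens at delivery, changing the policy means changing only the pattern or the flag, not rewriting stored messages.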