[Mailman-Developers] bugtraq submission warning: email address
Chuq Von Rospach
chuqui at plaidworks.com
Thu Nov 27 14:17:34 EST 2003
On Nov 27, 2003, at 9:52 AM, Terri Oda wrote:
> Of course. We should remember that *that's* the reason not to do
It's a great example of people solving problems before they actually
define them, and throwing resources at symptoms, not really solving
what's at root cause.
Now sometimes you have no alternative than a continuing arms race of
escalation, like in the current spam/anti-spam wars. But it's always
useful to sit back and see if you can figure out what the real problem
is and whether you can circumvent it at a basic level and not just run
around patching the latest version of it.
And it's also important to not over-fix a problem. After all, there's
still nothing stopping spammers from simply subscribing to mailing
lists and harvesting addresses from postings directly, other than it's
simply easier and more anonymous to grab archives. So don't waste time
OVER-securing the archives, since that just leads to a false sense of
security anyway. If you really want to secure this, you'll have to tear
down mailman to square one, and re-engineer it to obscure mail
addresses on all traffic, and replace them with mapped addresses that
forward through the server. that means all 1to1 traffic (replies, etc)
also need to travel through the server, and effectively, Mailman starts
becoming an anonymous remailer type of beast as well as a mail server.
Which creates a whole new class of problems while solving this one...
(and yes, that's actually a design paradigm I'm noodling on, in what
little time I have to noodle right now.)
More information about the Mailman-Developers