[Mailman-Developers] bugtraq submission warning: email address harvesting exploit

J C Lawrence claw at kanga.nu
Sat Nov 29 08:32:17 EST 2003


On Sat, 29 Nov 2003 07:12:45 +0000 
Richard Barrett <r.barrett at openinfo.co.uk> wrote:
> On 29 Nov 2003, at 00:48, J C Lawrence wrote:

>>> [ 850805 ] Aggressive anti email address harvesting measure

>> This patch appears to fail to distinguish between email addresses and
>> Message IDs.
>> 

> And ...

> In the interest of simplicity it doesn't attempt to. But how important
> a matter is that?

For me, and (possibly) for Mailman v3, critical.  I use Message IDs as a
primary key for my list archives, indexing and several other bits.
Changing them, at any point, breaks that.

> This is a rendering filter which leaves the underlying archived
> material intact in the archive and handles both the archive's html
> pages and the downloadable text version of the period archives. It has
> no impact on any processing undertaken at the server end on the
> archive material, which might depend on the Message IDs, thread
> identification by the archiver for instance.

For me Message IDs are both a systems-level and user-level concern.  Raw
Message IDs as well as URLs containing message IDs are quoted by users
as ways to reference specific messages in the archives; additionally,
Message IDs are also quoted in URLs which appear in every message, which
point to that message in the archives, etc.

> My mail reader will still identify threads in filtered, downloaded
> text archives when treated as an .mbox, although I grant that the
> chances of Message ID collisions must be increased by the filtering.

I and several others use an NNTP-based backing store (which of course
uses Message ID as a primary key as per NNTP specs) for my archives and
then render directly out of that (see prior traffic on this list wrt
MeoWWW etc).  The access key for retrieving a message is its Message ID.
Touch the Message ID and the whole system breaks.

-- 
J C Lawrence
---------(*)                Satan, oscillate my metallic sonatas.
claw at kanga.nu               He lived as a devil, eh?
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.
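
An added illustration of the concern raised in this message, not code from patch 850805, from Mailman, or from either poster: a filter that rewrites every address-shaped token also rewrites Message IDs, so keys read back from the rendered archive no longer resolve, while a header-aware variant leaves the ID-bearing header fields alone. The address regex, the function names and the sample mbox are assumptions constructed for the example.

```python
import re

# Assumed address pattern for illustration; not the regex from patch 850805.
ADDR = re.compile(r"([A-Za-z0-9._%+-]+)@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")
ID_HEADERS = ("message-id:", "in-reply-to:", "references:")  # carry IDs, not mailboxes

# Constructed two-message mbox sample.
SAMPLE = """From alice@example.org Sat Nov 29 08:00:00 2003
From: alice@example.org
Message-ID: <20031129.0001@mail.example.org>

Reply to bob@example.net please.

From bob@example.net Sat Nov 29 09:00:00 2003
From: bob@example.net
Message-ID: <20031129.0002@mail.example.net>
References: <20031129.0000@mail.example.org>
 <20031129.0001@mail.example.org>

ok
"""

def naive_filter(text):
    """Rewrite every address-shaped token, Message IDs included."""
    return ADDR.sub(r"\1 at \2", text)

def header_aware_filter(text):
    """Rewrite addresses but pass Message ID header fields through untouched."""
    out, in_headers, keep = [], False, False
    for line in text.split("\n"):
        if line.startswith("From "):      # mbox separator opens a header block
            in_headers, keep = True, False
        elif not line.strip():            # blank line closes the header block
            in_headers, keep = False, False
        elif in_headers and line[0] not in " \t":
            keep = line.lower().startswith(ID_HEADERS)  # new header field
        # Folded continuation lines inherit `keep` from their field.
        out.append(line if keep else ADDR.sub(r"\1 at \2", line))
    return "\n".join(out)

def message_ids(mbox_text):
    """Message-ID header values, in order of appearance."""
    return re.findall(r"(?im)^message-id:\s*(<[^>\n]+>)", mbox_text)

def resolvable(original, rendered):
    """IDs read from the rendered copy that still key into the original store."""
    index = set(message_ids(original))
    return [mid for mid in message_ids(rendered) if mid in index]

if __name__ == "__main__":
    print("naive:       ", resolvable(SAMPLE, naive_filter(SAMPLE)))
    print("header-aware:", resolvable(SAMPLE, header_aware_filter(SAMPLE)))
```

Message IDs quoted in message bodies or embedded in archive URLs are not header fields, so this sketch still rewrites them.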


