[Mailman-Developers] Proposed: remove address-obfuscation code fromMailman 3

Stephen J. Turnbull stephen at xemacs.org
Tue Aug 25 07:44:34 CEST 2009

Justin Hopkins writes:

 > Obfuscating the email addresses is just a part of 'defense in
 > depth' - same as patching your computer, using a firewall,
 > etc. Each layer, no matter how thin, still adds something.

That's true.  Rich's argument is more subtle than a claim that
obfuscation is worth nothing, though.  It is that benefits to
obfuscation are small, and the cost is significantly larger than the
benefit.  You have to address the issue of the cost (obfuscating the
address obstructs legitimate third-party users) as well.

Note that the other strategies you mention -- patches, firewalls, etc
-- do not impose costs on third parties, only on you.

Personally, I subscribe to Rich's argument.  I do not obfuscate my own
addresses, and I argue against it when I have input into policy for
processes like archiving mailing list posts.  But Mailman needs to
serve people who have different cost/benefit tradeoffs than Rich and I
do -- I agree with you and Bernd that Mailman should provide the
facility (though I would advise against relying on it, and generally
deprecate its use, myself).

More information about the Mailman-Developers mailing list