[Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

Barry Warsaw barry at list.org
Tue Aug 25 12:39:29 CEST 2009

On Aug 25, 2009, at 1:35 AM, Stephen J. Turnbull wrote:

> Rich Kulawiec writes:
>> Pretending that address obfuscation in mailing list [or newsgroup]
>> archives will have any meaningful effect on this process gives
>> users a false sense of security and has zero anti-spam value.
> You're missing the point.  Our (often non-technical) users demand this
> feature.  Even our technical audience (see Siggy's parallel post for
> example) perceives benefits from obfuscation, based on empirical  
> tests.
> So you can explain why, in theory and in practice, obfuscation doesn't
> work.  But the user base will (stubbornly, if you like) refuse to
> accept your logic.

As usual, Stephen hits the nail on the head.

I can't disagree with much in Rich's post, and yet it's likely that  
we'll still obfuscate and/or conceal email addresses in the archives  
because users will demand it.  You can and should educate them, but  
this is not a battle I wish to fight because I think we can't win it.

The costs of obfuscation are 1) increased code complexity; 2) denying  
legitimate third party uses.  1) is not insignificant.  Regexp filters  
are tricky/impossible to get 100% right, but not too bad to get maybe  
90% right. They are low fidelity because scanning headers isn't  
enough; people embed email addresses in all kinds of weird places in  
the body and HTML filtering is brain hurty.  Obfuscation techniques  
will be busted so only concealment is future proof.  This is all  
pretty boring coding though.

2) is more interesting.  What kinds of uses are we talking about?  You  
see a message in an archive from three years ago and you want to  
contact the OP about it?  Why not just follow up and contact the  
mailing list?  IOW, if there was an easy way to inject yourself into  
an old thread, perhaps one that was created before you joined the  
list, wouldn't that cover a large part of the use case?

Do you want to be contacted off-list for on-list topics?  Well, things  
like an email forwarding service could solve that, although I think  
it's not worth the effort as much as the first use case.  What other  
kinds of legitimate third party uses does obfuscation/concealment  


-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 832 bytes
Desc: This is a digitally signed message part
URL: <http://mail.python.org/pipermail/mailman-developers/attachments/20090825/a6580fe6/attachment.pgp>

More information about the Mailman-Developers mailing list