[Mailman-Users] Option to suppress senders' email addresses?

Mark Sapiro msapiro at value.net
Sun Sep 26 18:10:39 CEST 2004

Douglas McCarroll wrote:
>>     Display this where?
>My goal is to hide the sender's email address, in all places, to prevent harvest
>by spammers.
>> You can make your list anonymous (anonymous_list = Yes on the General
>> Options page) which puts the list rather than the sender in From:,
>> etc. headers. Then posters can sign their posts and provide as much or
>> as little info as they want.
>I like this option.
>> However, if you're really concerned about hiding e-mail addresses in
>> any of these cases, you'd also have to do something about Received:
>> headers in incoming posts as they can reveal things like the IP
>> address, domain and in some cases even the address of the sender.
>Even with the anonymous function? You may not be the right person to address
>this question to, but I can't help but wonder why a program like MailMan
>couldn't simply create a new email and copy only subject and body. The email
>would be from the MailMan program and only have Received headers created in its
>transit from the MailMan server to list recipients....

You're right in my case. I'm not the person to address this to. If you
want this option, the Mailman-developers list might be a better place
to discuss it.

See http://www.list.org/todo.html for the current wish list.

See http://sourceforge.net/tracker/?group_id=103&atid=350103 to view
and submit feature requests.

I wonder though if any of this is necessary. Given that the ability to
discern an original poster's e-mail address from Received: headers at
all depends on the poster's configuration and outgoing MTA and even
when an address is discernable, it may not be all together. I.e. one
header may say Received: from user at localhost and another may say
Received: from localhost by example.com and these have to be put
together to get user at example.com. Of course, some MTA's do put a note
like "envelope sender user at example.com" in the Received: header making
it easier in those cases. Note that in the case of most email sent by
me, it is possible to guess a valid e-mail address for me from the
initial Received: header, but only because the name of the machine I
use most happens to be the same as my userid at my ISP.

Anyway, given the above unreliability of getting even a single e-mail
address from Received: headers in a post, would a spammer even bother
to subscribe to a list in order to try to get addresses this way. I
wouldn't think that even a robot could earn it's keep in this way.

Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list