[Mailman-Users] appended email addresses on probe?

Stephen J. Turnbull stephen at xemacs.org
Tue Apr 26 06:09:53 CEST 2005

>>>>> "Thomas" == Thomas Hochstein <ml at ancalagon.inka.de> writes:

    Thomas> Brad Knowles wrote:

    >> No, bounces for a mailing list should not contain more than one
    >> failed address, especially if it's a probe message -- those are
    >> always sent out to just one specific user.

    Thomas> As far as I see, Mailman was sending out non-VERPed
    Thomas> messages to that list's users. When those messages are
    Thomas> non-deliverable, the MTA will send a bounce back to the
    Thomas> listname-bounces address, and that bounce will contain
    Thomas> many or all non-deliverable addresses, as it's only one
    Thomas> outgoing message delivered to many recipients. That's just
    Thomas> how it works.

I think this analysis is correct.  But notice what that means---the
bounces are happening with many addresses at the level of Michael's
hort or ISP: either Michael's list of addresses is badly broken
(unlikely since many of the bounces were "AOL is unroutable" rather
than "no such user"), or his host/ISP is broken (or fingered as a spam
source), or his list has been fingered as a spam source or something
like that.

Since it looks like Michael is running a fairly small, opt-in list,
with that number of bounces I think Michael's list has big problems
beyond a few addresses leaking to other list members.

To catch these other problems, I wonder if it would be reasonable for
mailman to check for "large" numbers of bounces on a single post, and
send mail to the list admin in that case?

    Thomas> This bounce does not only contain the one failed address
    Thomas> the probe is send to, but also other failed addresses.

Yup.  So what's the right thing to do?  I see four possibilities:

1.  (safest) don't attach the bounce message, but save it off
    somewhere so that a human can vette it before sending it to a user
    on specific request

2.  attach only the headers of the bounce message, and save off the
    message as in 1.

3.  attach the text, but sanitize everything that looks like an email
    address or domain name

4.  attach the text, but sanitize all email addresses and domain names
    except relevant one.

School of Systems and Information Engineering http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.

More information about the Mailman-Users mailing list