[Mailman-Users] Privacy and Headers

Brad Knowles brad at stop.mail-abuse.org
Mon Aug 15 16:07:58 CEST 2005


At 9:01 AM +0100 2005-08-15, R J Ladyman wrote:

>  I have enabled the options to hide details of posters to my lists - however,
>  subscribers can view the email headers of messages from the lists and easily
>  see who has sent not only the original message but, with the References
>  field, see who sent earlier messages. The header fields that show this
>  information are:
>
>  In-Reply-To:
>  References:

	These headers do not expose any privacy information.  They merely 
reference messages that were previously sent.  Moreover, Mailman 
doesn't construct them -- the Mail User Agents (Eudora, 
Outlook/Exchange, whatever) create these headers, and Mailman 
preserves them in order to preserve threading.


	If you feel the need to sanitize these headers, you're going to 
have to write a fair amount of code to sanitize them on inbound, and 
to make sure that they get properly preserved in their sanitized 
state every time they, or replies to them, cross the mailing list. 
Oh, and you're going to need to sanitize them in the message bodies, 
and elsewhere in the message-headers, because these two headers are 
not the only places where the contents of the Message-ID: header are 
sometimes referenced.

	In all likelihood, you're going to have to create a database to 
track inbound message-ids and their sanitized outbound versions, and 
make sure to always replace them in the appropriate manner everywhere 
they are found.  A simple hash-based scheme won't work due to the 
high probability of header collision.

	And this isn't going to do anything for all those messages where 
someone replies privately to one or more of the recipients, as well 
as posting a public copy of the message.  If authorities want to get 
that information, they can just go after the private unsanitized 
copies, based on the information you have in your sanitized versions, 
and which you cannot eliminate without eliminating the very content 
of the messages themselves.


	Being truly paranoid about this sort of thing is going to prove 
to be very expensive, time consuming, and difficult to ensure that 
there aren't any holes.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.
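
The mapping database described in the message above, as an added sketch that is not code from the post or from Mailman: every inbound Message-ID gets one stable random outbound ID, and IDs that are already sanitized pass through unchanged when a reply crosses the list again. The class name, the `idmap` table, the `lists.example.org` domain and the restriction to single-part plain-text bodies are assumptions made for the illustration.

```python
import re
import secrets
import sqlite3
from email import message_from_string

MSGID_RE = re.compile(r"<[^<>\s@]+@[^<>\s@]+>")

class MessageIdSanitizer:
    """Added illustration: one stable opaque outbound ID per inbound Message-ID."""

    def __init__(self, db_path=":memory:", list_domain="lists.example.org"):
        self.domain = list_domain  # assumption: host used in rewritten IDs
        self.db = sqlite3.connect(db_path)
        self.db.execute("CREATE TABLE IF NOT EXISTS idmap ("
                        "inbound TEXT PRIMARY KEY, outbound TEXT UNIQUE NOT NULL)")

    def lookup(self, msgid):
        """Return the outbound form of a known ID, or None if never seen."""
        row = self.db.execute(
            "SELECT outbound FROM idmap WHERE inbound = ? OR outbound = ?",
            (msgid, msgid)).fetchone()
        return row[0] if row else None

    def map_id(self, msgid):
        """Header use: known IDs keep their mapping, new ones get a random ID."""
        known = self.lookup(msgid)
        if known:
            return known
        outbound = "<%s@%s>" % (secrets.token_hex(16), self.domain)
        self.db.execute("INSERT INTO idmap VALUES (?, ?)", (msgid, outbound))
        self.db.commit()
        return outbound

    def sanitize(self, raw):
        msg = message_from_string(raw)
        for name in ("Message-ID", "In-Reply-To", "References"):
            if name in msg:
                new = MSGID_RE.sub(lambda m: self.map_id(m.group(0)), msg[name])
                msg.replace_header(name, new)
        if not msg.is_multipart():
            # Body: replace only IDs already in the table, so ordinary
            # <user@host> addresses quoted in the text are left alone.
            body = MSGID_RE.sub(
                lambda m: self.lookup(m.group(0)) or m.group(0), msg.get_payload())
            msg.set_payload(body)
        return msg

# Constructed sample: a post, then a reply that cites the original ID.
POST = "From: a@example.org\nMessage-ID: <abc123@mua.example.org>\n\nhello\n"
REPLY = ("From: b@example.org\nMessage-ID: <r1@mua.example.net>\n"
         "In-Reply-To: <abc123@mua.example.org>\n\nRe <abc123@mua.example.org>\n")
```

Running `sanitize(POST)` and then `sanitize(REPLY)` on one instance keeps the reply threaded under the rewritten ID; copies sent privately, outside the list, never pass through this table.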


