[Mailman-Users] Approve subscription requests via mail

Brad Knowles brad at shub-internet.org
Mon Nov 20 06:00:29 CET 2006

At 12:11 PM +0900 11/20/06, Stephen J. Turnbull wrote:

>  Just use the message's message id, munged into URI-compatibility if
>  necessary.  That will make it almost trivially searchable and easy to
>  verify that you've probably got the right message.  When rebuilding an
>  archive you just grovel through the old archive and build a table mapping
>  old URLs to new.

Doesn't work.  Too many MUAs out there use very non-specific strings 
for their message-ids, and you'd get too many collisions.

At a minimum, I figured that you'd need to take certain standard 
headers which are almost always present (Date, Subject, From, To, Cc, 
Message-ID, etc...), generate a cryptographic hash (MD-5, SHA-1, 
SHA-256, or whatever else you feel sufficiently comfortable with), 
and that should be a good starting point.  But it would still be just 
a starting point.  You'd still have to have a collision 
detection/avoidance algorithm.

IMO, you don't want to do a crypto hash over the body of the entire 
message, because that would take longer to calculate, and would be 
less likely to survive transmission, translation, future changes to 
the message body filtering code, etc....  You want to choose things 
that will be relatively stable and likely to survive most any kind of 
transformation that might be applied, regardless of whatever else 
might happen to the message.

>  This scheme also has the advantage that you can predict the URL having
>  only a copy of the message.  So you could put the full URL of the
>  current message in the List-Archive header (if that doesn't contravene
>  the RFC), or you could add an X-List-Archive-Current-Post-URL header.

Yup, that would be an additional useful feature.

Brad Knowles, <brad at shub-internet.org>

Trend Micro has announced that they will cancel the stop.mail-abuse.org
mail forwarding service as of 15 November 2006.  If you have an old
e-mail account for me at this domain, please make sure you correct that
with the current address.

More information about the Mailman-Users mailing list