[Mailman-Users] Major problems with privacy and mailman lists and harvesters

Stephen J. Turnbull stephen at xemacs.org
Tue May 27 02:42:28 CEST 2008


Steve Murphy writes:

 > Yes, I know. I'm working on Asterisk, another free-software package. 
 > I bet it's the same basic situation. I'll put my code where my mouth is, 
 > if everybody agrees that it's the way to go. 

Everybody doesn't.  Me, for one.  I have no objection to people trying
to turn email into something it isn't, but I won't use it.  So make
sure it's configurable, please.

 >>> We need to rethink how we can adequately keep emails out of
 >>> spammers hands.

Feel free to waste tons of resources on that problem.<wink>

 > What I'm targeting is the "From ", and "From:" headers. Instead of them 
 > giving the actual email of the original submitter, they could simply say 
 > "whateverlist at lists.whateverdomain.com"

They already do.  However, according to the RFCs, To, CC, From, Date,
etc. are author headers.  Third parties should not be touching them
except at the behest of the author.

I don't have a problem with "implicit consent" (ie, a public statement
that mail sent to this list will be stripped of addresses), but this
does imply that until we know that 95% of the world wants
anonymization, the stripper should be off by default.  I suspect that
you won't even come close to 50%, because a large fraction of mailman
lists are announce-style anyway.

Furthermore, there are a whole bunch of other headers that you really
need to go after.  Reply-To, Sender, To, CC, some Received, the
Resent-* versions of the above as well as X-Delivered-To etc in case
of a forwarded message, all may contain inadvertant valid addresses or
mailboxes.  Reply-To is going be especially controversial, as people
who actually know what Reply-To is for and use it correctly tend to be
BOFH types who can flame until the bile leaks from the corners of
their eyes.

You'll also presumably want to strip MIME type message/rfc-822 of any
addresses it might contain, etc.

 > All emails that might appear in the body of the message itself will
 > be stripped (with [EMAIL REMOVED] type stuff to replace it, as a
 > service to list members, to help protect them from being harvested.

On some lists it's pretty common to see "see <random1234 at example.com>"
to refer to a Message-ID.  How do you propose to avoid stripping
those?  How about when somebody is trying to give an example of an
incorrectly formed address?

 > That I will do. But I'm not really into total anonymity. Just email
 > addr removal.

You're missing the point.  Stripping addresses is the main thing that
a list can guarantee as far as anonymity goes.  So people running
anonymous lists are going to know about all the technical problems
that your proposal will run into.

 > > You're continuing to make the critical mistake that everyone else does, 
 > > which is that you're trying to solve an inherently non-technical problem 
 > > with technical means. And that is a recipe for guaranteed disaster. 
 > 
 > Well, you are right to a degree. First, we could rate complete
 > email address removal as the "Ultra" privacy option for a mailing
 > list, and not everybody will opt for it, because taking a
 > discussion "offline" will not be a 1-click process.

No, in fact it will be a messy public "Yo, whoever posted that message
get in touch with me, you can find my address at <URL>."  About 80% of
which won't get any response at all.

The thing is, you complained about the Asterisk list.  Well, that's
exactly the kind of list where a vocal few (typically the project
leaders) are going to be quite opposed to such schemes.  Their
addresses are generally well-known (perhaps not their personal
addresses, but their project aliases will be).  You're proposing to
make it difficult for them to get in touch with users who are asking
for help.  How about the dorks who write "CC me, I'm not subscribed"?
We generally do want to answer their questions (perhaps after toasting
them to a nice light brown).  Etc, etc.  And people who do want to get
replies may very well end up going private and bothering those with
published addresses for that purpose since the list won't work for
them.

As I already wrote, I'm sure a lot of people want this (or will think
they do until they actually try it<wink>).  It's a worthwhile project,
but it's neither a panacea nor something that anybody "must" do.

Steve


More information about the Mailman-Users mailing list