[Mailman-Users] Major problems with privacy and mailman lists and harvesters

Dragon dragon at crimson-dragon.com
Tue May 27 19:48:01 CEST 2008

Michael Welch wrote:
>Steve Murphy wrote at 10:03 AM 5/23/2008:
> >I've noticed in the mailman-users archives, that if I view info by 
> thread (using the mailman archives as an example,) which site is 
> 2.1.10 based, that all email addresses are present, but with a 
> simple obfuscation. (the "@" has been changed to " at ".) I can't 
> help but to think that this simple obfuscation is a joke. Any 
> harvester written in the past number of years would be smart enough 
> to capture such accurately.
>I think the Topica listserver had a great way to deal with email 
>addresses in archives. You could see a semblance of the email 
>address, but no way could you deduce the real address. If you are 
>logged into the site, each is still obscured, but is a live link 
>that opens up an email-like dialog box -- with the real address 
>still obscured. But it does send an email to the real address for 
>the obscured address.
>Pretty good way of dealing with the problem, but I have no idea if 
>something like this could be coded into Mailman archives.
---------------- End original message. ---------------------

Doing so is definitely possible, but it would require that the 
archive pages be served via a CGI program and that you have some sort 
of database of those e-mail addresses that said CGI process would access.

If I am not mistaken, I believe that there is currently a wrapper 
script that handles access control to private archives but which gets 
bypassed if the archive is public. The current architecture under 
pipermail is that the actual archive pages themselves are just static 
HTML files and the wrapper script only has the function of setting 
and checking an access token in a cookie to access them if the 
archive is private.


  Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)

More information about the Mailman-Users mailing list