[Mailman-Users] AOL redacts user addresses even with VERP and full personalization enabled

Lindsay Haisley fmouse-mailman at fmp.com
Sun Jun 17 16:27:29 CEST 2012

On Sun, 2012-06-17 at 06:34 -0700, Brad Knowles wrote:
> I can tell you the reasons that management gave at the time I was
> working there -- it was all about the privacy of their user.  They
> said that they wanted to protect the privacy of the person who was
> complaining.
So what would be the implications of hacking an extra header into
outgoing posts on lists for which personalization is enabled, say
"X-Subdata", with said header containing a hash of the subscriber
address to which the post is directed?

This would, in theory, mostly satisfy AOL's privacy concern since a hash
is a one-way encryption and no one could determine the address unless
they already had access to the name in the form of the subscriber list
so that a hash comparison could be made.

I'm not asking for a feature from the devs since I can hack this myself,
just perhaps some insight into the implications for a list host that
handles no more than half a dozen small mailing lists, each with 1000
subscribers or less.

Hacking the message ID out of mail logs to identify the subscriber seems
somewhat chancier and more difficult, since mail logs roll over and
eventually disappear from the system.  All this stuff is scripted here,
and works unattended to unsubscribe complaining subscribers, so the
overhead is in programming, with a minimal amount in execution time.	

Lindsay Haisley       | "Real programmers use butterflies"
FMP Computer Services |
512-259-1190          |       - xkcd
http://www.fmp.com    |

More information about the Mailman-Users mailing list