[Mailman-Users] AOL redacts user addresses even with VERP and full personalization enabled
Lindsay Haisley
fmouse-mailman at fmp.com
Mon Jun 18 20:10:26 CEST 2012
On Tue, 2012-06-19 at 02:11 +0900, Stephen J. Turnbull wrote:
> Lindsay Haisley writes:
> > Why would, say, hashlib.md5(recip).hexdigest() be any more or less
> > detectable than a reversible encryption?
>
> Because once the idea becomes public, anybody can check the nonesense
> strings in your headers to see if any of them hash to the user's id.
> That's a lot more difficult if you use encryption based on a secret
> key.
Very true, and a good point. A little research turned up
http://www.codekoala.com/blog/2009/aes-encryption-python-using-pycrypto/
which is a good discussion of using AES encryption in Python. The
Crypto module seems to be standard issue with Python - no special
libraries required.
> > IMHO, AOL's days on this planet are numbered. They'll go the way of
> > Compuserve :)
>
> Yeah, I hope so. Unfortunately, where I live, NiftyServe still exists
> and its customers still put raw Shift JIS in their headers
> occasionally. I'm not going to bet on AOL's timely demise.
It took a major meteor hit to wipe out the dinosaurs!
> > I've seen Email Feedback Reports come in on posts that went out six
> > months prior. Parsing Message IDs out of this many MBs of back mail
> > logs, most of them compressed, would be hugely expensive of processing
> > time.
>
> Seriously? How many feedback reports do you get per second? Yes, it
> would be a little costly, but presumably they give something like a
> date, you can narrow it down to a few MB I would guess.
Weeeelll ... The average number of feedback reports / second received
on my servers is pretty managable, actually ;) I prefer the idea of
using Resent-Message-ID and and AES encryption on the recipient address
rather than mucking with log files. It would be nice to put this into
the Mailman structure in such a way that I could retrieve, or access the
secret key, or at least perform encryption and decryption from a
withlist script.
--
Lindsay Haisley | "The difference between a duck is because
FMP Computer Services | one leg is both the same"
512-259-1190 | - Anonymous
http://www.fmp.com |
More information about the Mailman-Users
mailing list