[Mailman-Users] AOL redacts user addresses even with VERP and full personalization enabled

Lindsay Haisley fmouse-mailman at fmp.com
Mon Jun 18 20:10:26 CEST 2012

On Tue, 2012-06-19 at 02:11 +0900, Stephen J. Turnbull wrote:
> Lindsay Haisley writes:
>  > Why would, say, hashlib.md5(recip).hexdigest() be any more or less
>  > detectable than a reversible encryption?
> Because once the idea becomes public, anybody can check the nonesense
> strings in your headers to see if any of them hash to the user's id.
> That's a lot more difficult if you use encryption based on a secret
> key.

Very true, and a good point.  A little research turned up
which is a good discussion of using AES encryption in Python.  The
Crypto module seems to be standard issue with Python - no special
libraries required.

>  > IMHO, AOL's days on this planet are numbered.  They'll go the way of
>  > Compuserve :)
> Yeah, I hope so.  Unfortunately, where I live, NiftyServe still exists
> and its customers still put raw Shift JIS in their headers
> occasionally.  I'm not going to bet on AOL's timely demise.

It took a major meteor hit to wipe out the dinosaurs!

>  > I've seen Email Feedback Reports come in on posts that went out six
>  > months prior.  Parsing Message IDs out of this many MBs of back mail
>  > logs, most of them compressed, would be hugely expensive of processing
>  > time.
> Seriously?  How many feedback reports do you get per second?  Yes, it
> would be a little costly, but presumably they give something like a
> date, you can narrow it down to a few MB I would guess.

Weeeelll ...  The average number of feedback reports / second received
on my servers is pretty managable, actually ;)  I prefer the idea of
using Resent-Message-ID and and AES encryption on the recipient address
rather than mucking with log files.  It would be nice to put this into
the Mailman structure in such a way that I could retrieve, or access the
secret key, or at least perform encryption and decryption from a
withlist script.

Lindsay Haisley       | "The difference between a duck is because
FMP Computer Services |    one leg is both the same"
512-259-1190          |     - Anonymous
http://www.fmp.com    |

More information about the Mailman-Users mailing list