[Mailman-Users] AOL redacts user addresses even with VERP and full personalization enabled

Stephen J. Turnbull stephen at xemacs.org
Tue Jun 19 20:30:22 CEST 2012

Lindsay Haisley writes:

 > EVERP = Encrypted VERP

Ever heard of "Occam's Razor"?  Most folks who run Mailman lists can't
expand "VERP", and wouldn't understand the expansion when told.  It's
not obvious to me that practioners would get it right, either.  Let's
not proliferate unnecessary acronyms.

N.B. That expansion doesn't say what kind of values the "variable"
takes, although the usual implementation assumes a friendly Internet
and uses addressee mailboxes.  Wikipedia says, "However, some VERP
implementations use message number or random key as part of VERP",
which is close enough to "encrypted VERP" for me, YMMV.  It's just an
implementation detail that really only concerns implementers....

I'm not sure of this, but it seems to me that encrypted VERP should
work fine with greylisted recipients (if you can ever call the results
of greylisting "fine" :-P) as long as you don't change the encryption
key very often.

In Mailman 3, I would suppose it won't be hard to store the encrypted
form along with the rest of the user's profile.

 > >From a practical point of view my EVERP proposal may not be a good
 > scheme for dealing with AOL's redaction policy in Email Feedback
 > Reports.  Although it would obviously fool the existing automated
 > redaction process, a radical change to the contents of the VERP address
 > in the envelope sender would probably attract the notice of a real
 > person, no matter how clueless.

Ah, but we can just say "this allows us to VERP without exposing
addresses on anybody's disk; this helps protect your users' privacy."

More information about the Mailman-Users mailing list