[Mailman-Users] AOL redacts user addresses even with VERP and full personalization enabled

Lindsay Haisley fmouse-mailman at fmp.com
Thu Jun 21 03:52:26 CEST 2012

On Wed, 2012-06-20 at 18:23 -0700, Russell Clemings wrote:
> >From the reports I've received, it looks as if they redact only from the
> headers. With personalization on, I put a "%(user_address)s" token in the
> non-digest footer and as of the last report I got (June 8) it came through
> the feedback loop intact.

This may be true, however relying on cleartext in the footer information
to identify the recipient has two problems.  

First, it restricts the freedom of the list administrator to put
whatever he/she wants in the footer, and because the form of footer
information is friable, depending on the list admin, it's impossible to
write a one-size-fits-all script to pull subscriber addresses from
Feedback Reports and deal with complaining subscribers.  Putting this
information in a header which is added depending only on whether
personalization/verp is enabled or not is independent of what the list
admin decides he/she wants subscribers to see in the footer - which
should be there for the benefit of subscribers, not list admins.  

Second, putting the subscriber's email address as cleartext in _any_
part of a post makes it subject to AOL's redaction process.  Whether or
not they are currently redacting this in footer information doesn't
mitigate the fact that they reserve the right to do so, according to
their TOS.  Changes to what is and isn't redacted over the past couple
of years indicates that they periodically change or refine this process.
It seems, however, according to their online documents, that if the
recipient address is encrypted or hashed, then it meets their spec and
won't raise objections, or redactions.  

>  I've never figured out a similar fix for digests,
> however, and that seems to be where most of the reports come from. So maybe
> there's room for a new approach there.

If the information in in the header, it's there regardless of whether a
subscriber chooses to receive digests or individual posts.

Lindsay Haisley       | "The only unchanging certainty
FMP Computer Services |    is the certainty of change"
512-259-1190          |
http://www.fmp.com    | - Ancient wisdom, all cultures

