[Mailman-Users] Redacted Email Address in Feedback Loop

Lindsay Haisley fmouse at fmp.com
Tue Aug 19 02:01:04 CEST 2014


On Mon, 2014-08-18 at 18:22 +0000, John Levine wrote:
> >I think munging the headers is a sensible practice, as it makes it
> >a little harder to listwash; the main idea of the FBL as I understand it
> >is to give you an idea when there's some kind of gross abuse, not that
> >you are required to unsubscribe anyone who complains about your mail.
> 
> Munging FBLs is actually fairly stupid, since everyone knows that any
> sender can hide coded versions of the recipient address somewhere in
> the message, and most ESPs do.
> 
> The ISPs I've talked to have told me that their lawyers say they have
> to do it because the party getting the FBL might not be the same as
> the sender, or something.

I have an automated system I built as a hack on MM to intercept FBL
messages, identify the list, the subscriber, unsubscribe the subscriber
from the list and send a notice to the list owner (thank you, withlist!
).  I brought the subject up on the MM developers' list last year some
time ago, and someone mentioned that they'd talked to AOL people who
weren't particular about this, and weren't interested in removing all
traces of the complaining subscriber address, just the obvious ones, and
they had no problem if people wanted to include the information in an
encrypted format.  So I guess it's the same with them and the redaction
is done to make the legal dept. happy.  AFAIAC, any subscriber to any
list that I host for anyone who's too clueless or lazy to use the
prescribed methods for unsubscribing from a MM list, and just hits the
"Report Spam" button, can't be dropped from the list fast enough!

My hack puts an AES encrypted concatenation of the subscriber address
and the list name in the (RFC spec'd but seldom used) Resent-Message-ID
header.  The AES secret key is stored in mm_cfg.py.

-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |          --- The Roadie
http://www.fmp.com    |



More information about the Mailman-Users mailing list