[Mailman-Developers] MTA load, custom messages, bounces
Peter W
mailman-developers@python.org
Fri, 7 Dec 2001 14:36:39 -0500
On Thu, Dec 06, 2001 at 10:14:35PM -0500, Barry A. Warsaw wrote:
> I actually don't think that MTA-directed VERPing helps us out much.
> Sure, it can give us an envelope sender that we can use for better
> bounce detection[*]
How robust is the bounce detection? Even with VERP and/or good MTAs,
is there enough smarts in the system to prevent a black hat from connecting
to the MTA on the mailman server and using fake bounce messages to
knock someone off a list without their knowledge?
>, but I think that the much more interesting
> personalization is content personalization. I.e. inserting into the
> message body, footers, headers, RFC 2822 headers, etc. information
Also RFC 2369 List-* headers and in-body subscription management links. :-)
> specific to the recipient. Only Mailman knows that data and how to
> interpolate it into the message body.
Yep. I'm glad to hear you considering this as an option, though I imagine a
lot of folks, for good reason, want the current efficient behavior as a choice.
> [*] VERP helps with knowing exactly which address on which list is
> bouncing, but I don't think it helps much with knowing the severity of
> the bounce.
Or the authenticity. If Mailman did VERP-like customizations itself, you
could do something like my crypto-VERP proposal, where if you sent message
number 1234 to me, the unique return path would look something like
peterw-usa-net-1234-033fe9dbe554a34839e1b82ec4eb5ab0-list-owner@example.com
or maybe
list-owner+peterw-usa-net-1234-033fe9dbe554a34839e1b82ec4eb5ab0@example.com
where 033fe9dbe554a34839e1b82ec4eb5ab0 is the MD5 hash of
peterw-usa-net-1234-secret (the MM install routine would pick a random
phrase to be used as the secret, which would probably be long). This way,
mailman could be quite certain if a bounce was legit, and in response to
a recent message delivery attempt (valid bounces for old messages [> 14
days?] could be ignored; alternately MM could use time_t instead of a
message number, making calculations easier). Thoughts?
-Peter
--
I am what I am 'cause I ain't what I used to be. - S Bruton & J Fleming
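
An added example (not part of the original message and not Mailman's code) of the signed return path proposed above, using the time_t variant so the 14-day freshness check is a subtraction. It swaps the MD5 of `recipient-number-secret` for a truncated HMAC-SHA256 keyed with the install secret and compares tags in constant time; the function names, the secret and the sample address are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Assumption: a random secret chosen once at install time (constructed value here).
SECRET = b"constructed-install-secret-not-for-real-use"
MAX_AGE = 14 * 24 * 3600   # the 14-day window suggested in the message
TAG_LEN = 32               # hex chars kept, same length as the MD5 in the message


def _tag(token, stamp_s):
    # Keyed MAC over exactly the text that appears in the address.
    msg = f"{token}-{stamp_s}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:TAG_LEN]


def make_return_path(recipient, list_owner="list-owner", domain="example.com", now=None):
    """Build list-owner+<recipient>-<time_t>-<tag>@domain for one delivery."""
    stamp_s = str(int(time.time() if now is None else now))
    token = recipient.lower().replace("@", "-").replace(".", "-")
    return f"{list_owner}+{token}-{stamp_s}-{_tag(token, stamp_s)}@{domain}"


def check_bounce(envelope_to, now=None):
    """Return the recipient token if the address is authentic and fresh, else None."""
    now = int(time.time() if now is None else now)
    local = envelope_to.rsplit("@", 1)[0]
    try:
        _, signed = local.split("+", 1)
        token, stamp_s, tag = signed.rsplit("-", 2)  # token itself may contain '-'
        age = now - int(stamp_s)
    except ValueError:
        return None  # not one of our signed return paths
    if not hmac.compare_digest(tag.encode(), _tag(token, stamp_s).encode()):
        return None  # forged or altered address
    if not 0 <= age <= MAX_AGE:
        return None  # genuine tag, but outside the acceptance window
    return token
```

As in the proposal, the tag covers only the recipient and the timestamp, so an install hosting several lists with one secret would also want the list name in the MAC input.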