[Mailman-Developers] Reply-To: handling

[J C Lawrence]

On Fri, 19 Oct 2001 15:32:44 -0700 
Chuq Von Rospach <chuqui@plaidworks.com> wrote:

> On 10/19/01 3:21 PM, "J C Lawrence" <claw@2wire.com> wrote:
>> Note: This does expose an abuse vector:
>> 
>> I don't like Bubba.
>> 
>> I send a troll to a busy list with Reply-To set to Bubba.

> Aka the "set your followup to /dev/null" on usenet hack.

> I'm of the opinion, and I don't expect to be in the majority, that
> "reply-to" should not transport through a mail list. Either the
> mail list replaces it with a list-centric one, or it deletes it.

There are three base reasons people set Reply-To:

  1) They're rewriting their From: header.

  2) They're attempting to move a thread to another forum.

  3) They're attempting to kill CC'ed posts to themselves by setting
  Reply-To to the list they're posting to.

I've already addressed the (fourth) abuse vector.  Taking the three
in order:

  #1 is not fundamentally affected by the change except that they
  now starg getting CC's.  For reasons not dissimilar to Chuq's I
  don't have much sympathy for this.  

  #2 Will work, partially.  With reply-to replacement replies would
  never see the other forum.  With reply-to extension they'll see
  both the other forum and the list list.

  #3 Won't change at all as they'll get dupe collapsed

> The real answer are aliases attached to a subscripiton)

Agreed.  Different problem tho.

> My argument is that when I send mail to the list, the list
> processes it and then sends out a new message that my message is
> the basis of it.

The debate then is how much influence a poster should have over the
disposition of such a message.  Specifically, given that a poster to
a non-reply-to list can entirely control the disposition via
reply-to, how should those abilities be curtailed for a reply-to
list?

By doing reply-to extension we're changing practice as follows:

  -- Posters can _add_ to a posts disposition list via Reply-To.
  This is different from non-reply-to lists where posters can
  entirely replace and define disposition via reply-to.

  -- Posters can attempt to move threads to a different forum.
  Essentially they can create crossposted threads via reply-to.
  Unlike non-reply-to setting lists they can't make a thread leave a
  list, they can only add another disposition.  Unlike reply-to
  replacement, you _CAN_ now have a crossposted thread.

  -- Under reply-to extension the original poster who sets reply-to
  has the ability to expose an additional address to all subsequent
  thread posts.  This can be abused, but can also be a Very Good
  Thing as it allows, for instance, a non-list-member to track and
  aprticipate in a specific thread.  Under reply-to replacement
  you'd have to be a member of the list to follow the thread (thus
  all the requests of, "Please CC me I'm not on the list").

> At that point, the original reply-to is no longer valid, it's what
> the list software says should happen that matters. As the
> bubba-hack shows, to NOT do this opens up lists to abuse in
> not-necessarily-obvious ways, and worse, you leave things in
> ambiguous states, depending on factors most users don't
> understand. Lists act differently based on whether it reply-to
> coerces and whether the original poster coerces reply-to...

This centers on the old debate:

  Is a list message an entirely new message or is it a
  continuation/version of the message which was sent to the list?

I tend to the latter version.

Yes, the Bubba hack extends an abuse which exists for non reply-to
munging lists to reply-to munging lists.

> ... and you have the issue of which coerced reply-to 'wins'.

Given RFC conformant MUAs this isn't a problem -- they all win.
Here it appears that Pine might not be conformant.  MH and NMH are
just fine.  JRA is testing out Mutt.  I assume someone with access
to Outlook will check that (I don't have access).

> How is the typical user to understand how this all works together,
> and why when they reply to a list, this happens, except when it's
> fred's message?

The arbitrary user is not affected.  He replies exactly as per
normal and, as far as his perception is concerned, it Just Works.

-- 
J C Lawrence
---------(*)                Satan, oscillate my metallic sonatas.
claw@kanga.nu               He lived as a devil, eh?
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.