[Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3
Barry Warsaw
barry at list.org
Tue Aug 25 12:39:29 CEST 2009
On Aug 25, 2009, at 1:35 AM, Stephen J. Turnbull wrote:
> Rich Kulawiec writes:
>
>> Pretending that address obfuscation in mailing list [or newsgroup]
>> archives will have any meaningful effect on this process gives
>> users a false sense of security and has zero anti-spam value.
>
> You're missing the point. Our (often non-technical) users demand this
> feature. Even our technical audience (see Siggy's parallel post for
> example) perceives benefits from obfuscation, based on empirical
> tests.
>
> So you can explain why, in theory and in practice, obfuscation doesn't
> work. But the user base will (stubbornly, if you like) refuse to
> accept your logic.
As usual, Stephen hits the nail on the head.
I can't disagree with much in Rich's post, and yet it's likely that
we'll still obfuscate and/or conceal email addresses in the archives
because users will demand it. You can and should educate them, but
this is not a battle I wish to fight because I think we can't win it.
The costs of obfuscation are 1) increased code complexity; 2) denying
legitimate third party uses. 1) is not insignificant. Regexp filters
are tricky/impossible to get 100% right, but not too bad to get maybe
90% right. They are low fidelity because scanning headers isn't
enough; people embed email addresses in all kinds of weird places in
the body and HTML filtering is brain hurty. Obfuscation techniques
will be busted so only concealment is future proof. This is all
pretty boring coding though.
2) is more interesting. What kinds of uses are we talking about? You
see a message in an archive from three years ago and you want to
contact the OP about it? Why not just follow up and contact the
mailing list? IOW, if there was an easy way to inject yourself into
an old thread, perhaps one that was created before you joined the
list, wouldn't that cover a large part of the use case?
Do you want to be contacted off-list for on-list topics? Well, things
like an email forwarding service could solve that, although I think
it's not worth the effort as much as the first use case. What other
kinds of legitimate third party uses does obfuscation/concealment
prevent?
-Barry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 832 bytes
Desc: This is a digitally signed message part
URL: <http://mail.python.org/pipermail/mailman-developers/attachments/20090825/a6580fe6/attachment.pgp>
More information about the Mailman-Developers
mailing list