[Mailman-Users] AOL redacts user addresses even with VERP and full personalization enabled

Lindsay Haisley fmouse-mailman at fmp.com
Mon Jun 18 18:22:17 CEST 2012


On Mon, 2012-06-18 at 17:03 +0900, Stephen J. Turnbull wrote:
> Lindsay Haisley writes:
> 
>  > So what would be the implications of hacking an extra header into
>  > outgoing posts on lists for which personalization is enabled, say
>  > "X-Subdata", with said header containing a hash of the subscriber
>  > address to which the post is directed?
> 
> I would use Resent-Message-ID, unless the content of posts is such
> that you can get away with munging Message-ID itself.

Good suggestion.  I assume that Mailman never inserts
"Resent-Message-ID" into posts, is that correct?  I'd rather not mess
with "Message-ID" which provides a traceable path to the original
sender.

> I would also use a
> reversible encryption rather than a hash.  (Not so much because it's
> reversible, but rather because it's undetectable except insofar as
> it's different from standard Mailman.)

Suggestions, Stephen?  Why would, say, hashlib.md5(recip).hexdigest() be
any more or less detectable than a reversible encryption?

>  > This would, in theory, mostly satisfy AOL's privacy concern
> 
> I really don't think so.  It might satisfy *your* privacy concerns,
> but their "privacy" concern is absolute.

I don't give a rat's behinder about privacy on this issue, only that _I_
be able to identify the complaining recipient, based on having the
subscriber lists available, and that AOL and their minions _not_ be able
to do so.

> That's not to say you shouldn't do it, but if they catch on, they'll
> start redacting those headers, too, and quite possibly boot you from
> their feedback loop.

They've been letting VERPed subscriber addresses through their rather
scattershot redaction process for years.  I've been parsing them out of
the Sender header for about as long and automatically unsubscribing
these addresses from Mailman lists.  I could easily ignore them and stay
under AOL's radar, but I consider it a service to my customers to help
them keep their lists free of subscribers who don't want the traffic, no
matter how clueless they may be.

Doing this as a custom hack helps.  If this were implemented as a
Mailman standard option then word might indeed get back to them about
it.  Using Resent-Message-ID as a header name is a clever idea.

> As Brad points out, they simply don't care if their members get the
> mail that they want.  Or at least, they don't care about that anywhere
> near as much as they care that their members don't get mail that they
> don't want!

IMHO, AOL's days on this planet are numbered.  They'll go the way of
Compuserve :)

>  > Hacking the message ID out of mail logs to identify the subscriber seems
>  > somewhat chancier and more difficult, since mail logs roll over and
>  > eventually disappear from the system.
> 
> If you say so, but *that is under your control*.  I'd much rather make
> the effort to make my logs dependable, than depend on any cooperation
> from AOL.

I've seen Email Feedback Reports come in on posts that went out six
months prior.  Parsing Message IDs out of this many MBs of back mail
logs, most of them compressed, would be hugely expensive of processing
time.  I don't depend on cooperation from AOL, just stupidity, which
seems to be pretty dependable :)  On the other hand, the process of
dealing with these reports only happens a few times a month, at most.  

-- 
Lindsay Haisley       | "Real programmers use butterflies"
FMP Computer Services |
512-259-1190          |       - xkcd
http://www.fmp.com    |
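
An added illustration of the per-recipient header idea discussed in this message, written for Python 3; it is not code from the post, from Mailman, or from either participant. It uses a keyed HMAC rather than the bare `hashlib.md5(recip)` mentioned above, because anyone who already holds candidate addresses can recompute an unkeyed digest. The key, host name, addresses and function names are constructed assumptions.

```python
import hashlib
import hmac
from email import message_from_string
from email.message import EmailMessage

# Constructed values: a site-private key and a sample subscriber list.
SECRET = b"constructed-demo-key"
LIST_HOST = "lists.example.org"
SUBSCRIBERS = ["alice@example.com", "Bob@Example.net", "carol@example.org"]

def recipient_token(recip, key=SECRET, host=LIST_HOST):
    """Keyed digest of the normalized address, shaped like a message id."""
    addr = recip.strip().lower().encode("utf-8")
    digest = hmac.new(key, addr, hashlib.sha256).hexdigest()[:32]
    return "<%s@%s>" % (digest, host)

def tag_outgoing(msg, recip):
    """Stamp one personalized copy with the token for its recipient."""
    del msg["Resent-Message-ID"]  # no-op if the header is absent
    msg["Resent-Message-ID"] = recipient_token(recip)
    return msg

def identify_complainer(report_text, subscribers):
    """Match the token in a returned copy against the subscriber list."""
    report = message_from_string(report_text)
    for part in report.walk():  # also visits an embedded message/rfc822 copy
        token = (part.get("Resent-Message-ID") or "").strip()
        if not token:
            continue
        for addr in subscribers:
            if token == recipient_token(addr):
                return addr
    return None

def demo():
    """Tag a post for one subscriber, redact the address, then recover it."""
    post = EmailMessage()
    post["From"] = "poster@example.org"
    post["To"] = "bob@example.net"
    post["Subject"] = "hello"
    post.set_content("body\n")
    tag_outgoing(post, "bob@example.net")
    returned = post.as_string().replace("bob@example.net", "redacted")
    return identify_complainer(returned, SUBSCRIBERS)

if __name__ == "__main__":
    print(demo())
```

Lookup only needs the current subscriber list and the key, so it does not depend on how long mail logs are retained.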


