[Mailman-Users] AOL redacts user addresses even with VERP and full personalization enabled

Lindsay Haisley fmouse-mailman at fmp.com
Tue Jun 19 16:59:26 CEST 2012 

On Tue, 2012-06-19 at 17:25 +0900, Stephen J. Turnbull wrote:
> Brad Knowles writes:
>  > On Jun 18, 2012, at 11:44 AM, Lindsay Haisley wrote:
>  > 
>  > > It might be very convenient to have what one might call EVERP, where the
>  > > recipient address is encrypted into the envelope sender address, as an
>  > > alternative choice to Mailman's VERP implementation.
> 
> It's just VERP, please.  It doesn't require any difference in MTA
> behavior at all.

EVERP = Encrypted VERP

>  > Uh, trust me -- you really don't want to get into the discussion of
>  > creating new SMTP protocol enhancements.  I was on the DRUMS WG.
>  > You really, really don't want to go there.
> 
> I don't understand the technical issue here.  VERP simply requires the
> (reasonably standard) existing feature that the final MTA ignore
> random goop in the mailbox spec if properly marked (usually with '+',
> sometimes with a '-').  As far as I know, no MTA ever checks that the
> random goop is well-formed random goop -- that's an oxymoron, isn't
> it?  If this proposal won't fly, normal VERP shouldn't, either.

Exactly.  Strictly speaking, this is a MDA issue, although the MTA must
accept mail to user-<random-goop>@example.com based on the existence of
an mail account for "user".  If "user" is a Mailman list, then what's
done with <random-goop> is Mailman's concern alone.

> And even if one does, the ones we recommend don't, right?  So somebody
> who wants to use Lindsay's proposal just needs to change MTAs.

Not really, because if the MTA and MDA will deal properly with mail
addressed to list-bounce+user=example.com at foo.com, a standard VERP
address, it will handle list-bounces+AESEncryptedAddress at foo.com.  Only
Mailman needs to extend the way it handles the VERPed address.

>From a practical point of view my EVERP proposal may not be a good
scheme for dealing with AOL's redaction policy in Email Feedback
Reports.  Although it would obviously fool the existing automated
redaction process, a radical change to the contents of the VERP address
in the envelope sender would probably attract the notice of a real
person, no matter how clueless.  Better to go with a "stealth"
Resent-Message-ID header.

-- 
Lindsay Haisley       |"Friends are like potatoes.
FMP Computer Services |    If you eat them, they die"
512-259-1190          |
http://www.fmp.com    |              - Aaron Edmund

More information about the Mailman-Users mailing list