[Mailman-Users] AOL redacts user addresses even with VERP and full personalization enabled
Lindsay Haisley
fmouse-mailman at fmp.com
Tue Jun 19 16:59:26 CEST 2012
On Tue, 2012-06-19 at 17:25 +0900, Stephen J. Turnbull wrote:
> Brad Knowles writes:
> > On Jun 18, 2012, at 11:44 AM, Lindsay Haisley wrote:
> >
> > > It might be very convenient to have what one might call EVERP, where the
> > > recipient address is encrypted into the envelope sender address, as an
> > > alternative choice to Mailman's VERP implementation.
>
> It's just VERP, please. It doesn't require any difference in MTA
> behavior at all.
EVERP = Encrypted VERP
> > Uh, trust me -- you really don't want to get into the discussion of
> > creating new SMTP protocol enhancements. I was on the DRUMS WG.
> > You really, really don't want to go there.
>
> I don't understand the technical issue here. VERP simply requires the
> (reasonably standard) existing feature that the final MTA ignore
> random goop in the mailbox spec if properly marked (usually with '+',
> sometimes with a '-'). As far as I know, no MTA ever checks that the
> random goop is well-formed random goop -- that's an oxymoron, isn't
> it? If this proposal won't fly, normal VERP shouldn't, either.
Exactly. Strictly speaking, this is a MDA issue, although the MTA must
accept mail to user-<random-goop>@example.com based on the existence of
an mail account for "user". If "user" is a Mailman list, then what's
done with <random-goop> is Mailman's concern alone.
> And even if one does, the ones we recommend don't, right? So somebody
> who wants to use Lindsay's proposal just needs to change MTAs.
Not really, because if the MTA and MDA will deal properly with mail
addressed to list-bounce+user=example.com at foo.com, a standard VERP
address, it will handle list-bounces+AESEncryptedAddress at foo.com. Only
Mailman needs to extend the way it handles the VERPed address.
>From a practical point of view my EVERP proposal may not be a good
scheme for dealing with AOL's redaction policy in Email Feedback
Reports. Although it would obviously fool the existing automated
redaction process, a radical change to the contents of the VERP address
in the envelope sender would probably attract the notice of a real
person, no matter how clueless. Better to go with a "stealth"
Resent-Message-ID header.
--
Lindsay Haisley |"Friends are like potatoes.
FMP Computer Services | If you eat them, they die"
512-259-1190 |
http://www.fmp.com | - Aaron Edmund
More information about the Mailman-Users
mailing list