Email blast management?

Avi Gross avigross at verizon.net
Mon Jan 14 16:55:54 EST 2019 

There is an old saying about getting what you paid for. Python can be free
but applications have costs.

Chris makes some valid points when saying there are existing solutions that
may be worth considering.

If someone wants to know about commercial products that do approximately
what they need and provide some level of service, they can buy it. If they
want it for free, they can create whatever they want using their own code
augmented by any free code they are legally allowed to incorporate.

But free is often not quite free. Look at the complaints about Google and
Facebook who try to make a buck (or a billion) by looking at the data you
generate and helping target advertisers or worse? Look at how the data
sometimes gets out, legally or otherwise? Some people now choose to switch
browsers after they keep seeing ads follow them everywhere for items they
once LOOKED AT and did not even buy.

Is there absolute security if you roll your own app, using python or
anything else? I seriously doubt it. Python probably is not ideal in the
sense that your source code is often readable if someone breaks into your
machine. If you were to say encrypt/decrypt some things so items are never
in plaintext on disk, your code may allow them to see what methods are used
and, if you are careless enough, may even expose the key you use.

I was involved in creating and maintaining a fairly early email product
targeted at businesses quite a few years ago. Part of my responsibility at
one point was to READ a subclass of the mail. Messages that made it into the
system but ran into problems would often end up in a junkmail category and
we needed to examine them to find out what went wrong and file modification
requests. In addition, if we could figure out how to "fix" a message and
sent it onward for delivery, we tried. An example of such an error was when
we added a heterogeneous set of machines in the worldwide network of
different types, a message that fit in memory on one might fail when passed
to/through another kind. We had to adjust the maximum size allowed to what
would fit anywhere.

The point is that someone like me with the root password could read
ANYTHING. All logs were equally available so making a list of all email
addresses or a graph showing communication chains was possible. Many
applications may be vulnerable to just one bad employee given such access.
Some may be vulnerable if just one machine in an intranet is corrupted in
some way. Again, this is not just about email but credit card use, browsing
history, etc.

But I suggest that unless you hire very experienced people to roll your own,
you risk being even less secure than with a more trusted commercial product.
Of course, if you want truly unique features, that may be a reason to have
your own.

The above is some thoughts and is not to be attacked as a suggestion to
waste money buying specific products. I am not selling anything just
reflecting on a wider issue. There seems to be very little absolute safety
in the cyber world just as there really isn't in the physical world. You
take your chances but hopefully with some idea of the risks. Someday
anything you encrypt today may become easily readable unless you use fairly
elaborate one-time pads.


-----Original Message-----
From: Python-list <python-list-bounces+avigross=verizon.net at python.org> On
Behalf Of Chris Angelico
Sent: Monday, January 14, 2019 10:25 AM
To: Python <python-list at python.org>
Subject: Re: Email blast management?

On Tue, Jan 15, 2019 at 12:53 AM Hartmut Goebel <h.goebel at goebel-consult.de>
wrote:
>
> Am 14.01.19 um 12:47 schrieb Chris Angelico:
> > It's a whole lot more respectful than keeping your own database of 
> > email addresses and then having it compromised some day.
>
> This assumes that one would not *keep* a list of customers in in company.
>

Honestly, I have no idea what you're moaning about. We don't have nearly
enough details here to say what would be _the best_ way to do things, but I
stand by my statement that services like MailChimp and Mailman are worth
looking into.

ChrisA
--
https://mail.python.org/mailman/listinfo/python-list

More information about the Python-list mailing list