Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

On Tue, Aug 25, 2009 at 06:39:29AM -0400, Barry Warsaw wrote: >> So you can explain why, in theory and in practice, obfuscation doesn't >> work. But the user base will (stubbornly, if you like) refuse to >> accept your logic. > > As usual, Stephen hits the nail on the head. > > I can't disagree wi

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

--On 31 August 2009 10:15:43 -0700 C Nulk wrote: I am pretty sure allowing the raw email addresses to be available is going to go over like a lead balloon here. Here, too. Our site would probably deploy some other mailing list software. Anything (however minor) to help protect the users/c

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

--On 29 August 2009 04:19:58 + Julian Mehnle wrote: Bob Puff wrote: That's the logical progression of that argument, and is the good reason why obfuscation or even removal of parts is not only a good idea, its a necessity. Exposing raw email addresses in their normal form is real low-ha

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

Barry Warsaw writes: > Let's say I just joined the XEmacs development mailing list after a > long absence. Hey, welcome back! Do you plan to return to Supercite maintenance? > I find a message in the archive from two years ago that is relevant > to an issue I'm having. I'd like to follow

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

* On 31 Aug 2009, Barry Warsaw wrote: > > Mailman will always still collect the raw data for messages sent to > the list. There are legitimate uses for allowing outsiders access > to that data (say, the list is moving and you want to migrate the > archives), so I think we always want to support

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

On Aug 31, 2009, at 4:48 PM, David Champion wrote: I'm going to embracing and extend something Barry suggested in private mail. He suggested a list setting that permits signed-in list subscribers to download raw archives if they have some 'archive-approved' status. What if that is a three-way

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

On Aug 31, 2009, at 4:41 PM, Dale Newfield wrote: Maybe the appropriate modifications from the original message would be to add as a "To" address the current list address iff it does not appear in the To or CC addresses in the archived message (and to re- set ReplyTo, if reply-to-munging is

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

On Aug 31, 2009, at 4:39 PM, C Nulk wrote: Now, totally off-topic, anyone have a recommendation for a book on learning Python so I am no longer truly dangerous, just slightly. There are zillions of books available now for learning Python (I think there was only 1 when I first learned it 15 y

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

Barry Warsaw wrote: Now I can hit 'reply' and inject myself seamlessly into that 2 year old thread. As long as the mailing list name/address hasn't migrated/changed in the interim... Good point. ...perhaps the original message munged to ensure current accuracy of the to/cc/reply-to fields?

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

Barry Warsaw wrote: > On Aug 31, 2009, at 1:15 PM, C Nulk wrote: > >> I am pretty sure allowing the raw email addresses to be available is >> going to go over like a lead balloon here. Anything (however minor) to >> help protect the users/clients email addresses is helpful despite what >> others

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

On Aug 31, 2009, at 3:00 PM, Dale Newfield wrote: Barry Warsaw wrote: Let's say I just joined the XEmacs development mailing list after a long absence. I find a message in the archive from two years ago that is relevant to an issue I'm having. I'd like to follow up to that message using

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

Barry Warsaw wrote: Let's say I just joined the XEmacs development mailing list after a long absence. I find a message in the archive from two years ago that is relevant to an issue I'm having. I'd like to follow up to that message using my normal mail toolchain, but I found the archive page

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

On Aug 31, 2009, at 1:15 PM, C Nulk wrote: I am pretty sure allowing the raw email addresses to be available is going to go over like a lead balloon here. Anything (however minor) to help protect the users/clients email addresses is helpful despite what others think. It is fine if someone c

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

On Aug 29, 2009, at 3:01 AM, Stephen J. Turnbull wrote: Barry Warsaw writes: What I'm thinking is that there should be a "send me this message" link in the archive, which gets you a copy as it was originally sent to the list. That let's you jump into a conversation as if you'd been there o

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

On Aug 29, 2009, at 1:10 AM, Bernd Siggy Brentrup wrote: On Fri, Aug 28, 2009 at 18:03 -0400, Barry Warsaw wrote: What I'm thinking is that there should be a "send me this message" link in the archive, which gets you a copy as it was originally sent to the list. That let's you jump into a con

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

On Aug 29, 2009, at 12:21 AM, Jeff Breidenbach wrote: Yes. It is critical to keep user perception in mind. Specifically, if you don't keep email addresses off the global search engines, there will be a deluge of vocal complaints from users who neither care about nor understand the technical

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

I am pretty sure allowing the raw email addresses to be available is going to go over like a lead balloon here. Anything (however minor) to help protect the users/clients email addresses is helpful despite what others think. It is fine if someone considers the obfuscation that Mailman uses is tri

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

Barry Warsaw writes: > What I'm thinking is that there should be a "send me this message" > link in the archive, which gets you a copy as it was originally sent > to the list. That let's you jump into a conversation as if you'd been > there originally. I don't understand. Do you mean

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

On Fri, Aug 28, 2009 at 18:03 -0400, Barry Warsaw wrote: > What I'm thinking is that there should be a "send me this message" > link in the archive, which gets you a copy as it was originally sent > to the list. That let's you jump into a conversation as if you'd > been there originally. Another

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

> > the archives, but somehow Google found it, indexed it, and the guy > threatened > me with bloody murder if I didn't take it down. Yes. It is critical to keep user perception in mind. Specifically, if you don't keep email addresses off the global search engines, there will be a deluge of vocal

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

ke it down. Sheesh. Bob -- Original Message --- From: Barry Warsaw To: Rich Kulawiec Cc: mailman-developers@python.org Sent: Fri, 28 Aug 2009 21:46:01 -0400 Subject: Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3 > Something else that occurs to m

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

Something else that occurs to me. If we accept that obfuscation is worthless and stop doing it, then there's no reason we shouldn't make the raw mbox files available for anyone to download. Mailman used to do this, but we removed the feature due to user outcry. Now you can download the gz

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

On Aug 25, 2009, at 8:30 AM, Stephen J. Turnbull wrote: 2) is more interesting. What kinds of uses are we talking about? You see a message in an archive from three years ago and you want to contact the OP about it? Why not just follow up and contact the mailing list? For all the reasons w

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

On Wed, Aug 26, 2009 at 10:57:06AM +0100, Ian Eiloart wrote: > There's recently published research which suggests that simple > obfuscation can be effective. Concealment, presumably, is more effective. > At you can download "Spamology: A Study of Spam > Origins"

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

--On 25 August 2009 21:02:01 + Julian Mehnle wrote: Bob Puff wrote: You are presuming too much on spammers as a whole. I've dealt with a couple spammers, and they just used some tools they got online that search for usern...@domain.something. Everything else is ignored. I don't for a

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

Bob Puff wrote: > You are presuming too much on spammers as a whole. I've dealt with a > couple spammers, and they just used some tools they got online that > search for usern...@domain.something. Everything else is ignored. > > I don't for a minute doubt that the advanced spammers will snag > a

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

Barry Warsaw writes: > 2) is more interesting. What kinds of uses are we talking about? You > see a message in an archive from three years ago and you want to > contact the OP about it? Why not just follow up and contact the > mailing list? For all the reasons why Reply-To Munging C

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

On Aug 25, 2009, at 1:35 AM, Stephen J. Turnbull wrote: Rich Kulawiec writes: Pretending that address obfuscation in mailing list [or newsgroup] archives will have any meaningful effect on this process gives users a false sense of security and has zero anti-spam value. You're missing the poi

[Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

Rich Kulawiec writes: > Pretending that address obfuscation in mailing list [or newsgroup] > archives will have any meaningful effect on this process gives > users a false sense of security and has zero anti-spam value. You're missing the point. Our (often non-technical) users demand this fea

Re: [Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

On Mon, Aug 24, 2009 at 10:37 -0400, Rich Kulawiec wrote: > Summary: Spammers now have so many ways of "harvesting" addresses from so > many systems, and so many ways of exchanging those with each other, that > any email address which is actually used WILL eventually be harvested. > (Where what "ev

[Mailman-Developers] Proposed: remove address-obfuscation code from Mailman 3

Summary: Spammers now have so many ways of "harvesting" addresses from so many systems, and so many ways of exchanging those with each other, that any email address which is actually used WILL eventually be harvested. (Where what "eventually" means varies widely, of course, but can be expected to s