
Re: regarding IETF lists using mailman: nodupes considered harmful

2005-08-26 03:38:46
On Fri, 2005-08-26 at 03:56 -0400, Ken Raeburn wrote:

> On Aug 26, 2005, at 03:14, Jeroen Massar wrote:
>> Indeed when some 'malicious' person would add Cc's/To's and would
>> instruct his SMTP to not forward to the additional addresses in the
>> Cc/To the users will effectively not receive the message.
>>
>> But how exactly does this cause a problem?
>
> Isn't that enough?  Tricking the list software into excluding certain
> people from part of a discussion, even if it's only the part sent by
> one certain submitter?  It gives a false impression to the other list
> members that certain list members are part of the discussion when
> they have quietly been left out.

Yes, which is why it might be good if the IETF Secretariat would:

 * Disable the nodupes feature
   That is, that per default it is disabled and folks get 'dupes'.

 * Notify, once, the users who have nodupes active, that it might
   affect the amount of mail they are getting, referencing or
   including Keith's original message.

Does this a) sound like a good idea, then b) can this be requested?

Rest of this discussion follows but can be skipped by most folks...

> If that's not bad enough, what if the message in question were forged
> as being from someone who was also excluded from receiving it through
> this mechanism?
<SNIP>
> (Of course, if the person is offline for a
> vacation or something, the same might happen.  And habitually signing
> one's messages may help call attention to the forgery, but we've got
> a ways to go to make that commonplace.)

This part can indeed only be solved by that simple step, which you
and I are already using: PGP sign the message.

Though privacy-folks then say 'but then I can't repudiate my message' to
which my silly answer is: either say something or don't.

I would actually be in favor of a mechanism where only PGP signed
messages get forwarded onto the list, others bounced back to the origin
stating that the sender can't be verified and that this might be because
it is not the original sender + how to set up and use PGP. This also
avoids having to check if a message from 'the iesg' actually comes from
the iesg by checking the headers. SPF will only help partially in this
case.

> Malicious intent aside, it's also useful to know sometimes if the
> mailing list software is somehow munging your messages in a way you
> didn't intend.  Stripping out attachments, converting encodings,
> changing HTML to plain text, etc.  (And I've seen mailman
> occasionally botch some such processing, leaving empty messages, but
> I don't recall the specifics at the moment, or if it's been fixed.)

They have fixed quite a number of issues in that department
fortunately ;)

I personally like the 'nodupes' feature very much, as messages that I get
cc'd on, thus most likely a reply to something, don't get caught by the
List-Id header and then sorted into the correct folder, thus ending up in
my direct-message folder on this subject, so I know that it is a reply
and I need to pay attention to it.

Something semi-related: nobody complains about the fact that one can Bcc
people, which thus leads to other people than those indicated in the To/Cc
reading the message, not that one knows the membership of most mailing lists,
but still...

Greets,
 Jeroen


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
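The delivery behaviour the thread is arguing about, as a small Python model added here for illustration; it is not Mailman's code, and the subscriber addresses, the nodupes settings and the sample headers are constructed. It computes who the list server itself delivers to when some members have 'avoid duplicates' on, who actually ends up with a copy once the direct copies the sender really sent are taken into account, and which members were silently left out. Running it with the nodupes set emptied shows the effect of the proposal to disable the feature by default.

```python
"""Model of Mailman's per-member 'nodupes' option as described in the thread.

Constructed example, not Mailman's own code: a member with nodupes on is
skipped by the list when already named in To:/Cc:, on the assumption that the
sender's own MTA delivers that copy. The sender's MTA may never do so.
"""
from email.utils import getaddresses

# Constructed subscriber set and preferences (hypothetical addresses).
MEMBERS = {"alice@example.org", "bob@example.org", "carol@example.org"}
NODUPES = {"bob@example.org"}          # bob has 'avoid duplicates' on

# Constructed headers: bob and carol are named in Cc:, so the list will
# assume bob already gets a direct copy.
SAMPLE_HEADERS = {
    "To": "ietf-list@example.org",
    "Cc": "Bob <bob@example.org>, carol@example.org",
}


def recipients_in_headers(headers):
    """Addresses named in To:/Cc:, lowercased, as a list server would parse them."""
    pairs = getaddresses([headers.get("To", ""), headers.get("Cc", "")])
    return {addr.lower() for _, addr in pairs if addr}


def list_delivery(members, nodupes, headers):
    """Members the list server sends its own copy to.

    A member with nodupes on who is already named in To:/Cc: is skipped.
    """
    named = recipients_in_headers(headers)
    return {m for m in members if not (m in nodupes and m in named)}


def actual_receivers(members, nodupes, headers, direct_delivered):
    """Members who end up with at least one copy: the list's copies plus
    whatever direct copies the sender's MTA genuinely delivered."""
    direct = {a.lower() for a in direct_delivered} & members
    return list_delivery(members, nodupes, headers) | direct


def silently_excluded(members, nodupes, headers, direct_delivered):
    """Members who appear (from To:/Cc:) to be in the discussion but
    received no copy from anyone."""
    return members - actual_receivers(members, nodupes, headers, direct_delivered)


if __name__ == "__main__":
    # Sender's MTA delivers only to the list, not to the Cc: addresses.
    print("list delivers to :", sorted(list_delivery(MEMBERS, NODUPES, SAMPLE_HEADERS)))
    print("left out         :", sorted(silently_excluded(MEMBERS, NODUPES, SAMPLE_HEADERS, [])))
    # Same headers with nodupes disabled for everyone (the proposal in the thread).
    print("nodupes disabled :", sorted(silently_excluded(MEMBERS, set(), SAMPLE_HEADERS, [])))
```

With nodupes on for bob and no direct copies delivered, the list skips bob while the Cc: line still shows him as a participant; with nodupes disabled, every member gets the list's copy regardless of what the headers claim, at the cost of genuine duplicates when the sender really did Cc: them.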