Re: U-ZO: Re: [Exim] Malformed address on a list

Top Page
Delete this message
Reply to this message
Author: Marilyn Davis
Date:  
To: under-zo
CC: exim-users
Subject: Re: U-ZO: Re: [Exim] Malformed address on a list

On Mon, 19 Jun 2000, Jeffrey Goldberg wrote:

> [mailed only, not posted to the list]
>
> On Jun 18, 2000 Marilyn Davis <marilyn@???> wrote:
>
> > Yes, only members can post to the important one.
>
> If the addresses of the members are public ally available (via majordomo
> "who" or "which") then suppose some bad guy gets the addresses of the
> members, and then mails them directly instead of going though
> deliberate.com? None of your tools would ever come into play. I have had


You under-estimate me. ;^)

Here's documentation for "angel" and "shelter", two of the tools:

Angel
=====

Angel watches over the shoulder of any email address. It recognizes
unwanted list subscriptions and sends unsubscribe commands. It
follows the same rules as fence, reading the same three data files.

Any user anywhere who has been attacked can make a file called
".forward" in their home directory. The file should contain only one
line:

login_name, angel@your_site.com

This will cause a copy of their mail to be send to the angel address
at your site. Your alias should contain:

owner-angel: you@???
angel: "|/usr/local/majordomo/wrapper angel"

People who send their mail to your angel will find that their unwanted
subscriptions will disappear. After a few days or weeks, they can
remove their .forward file and regain their privacy.

Like fence, angel will respond to "-b" in the command line:

angel: "|/usr/local/majordomo/wrapper angel -b"

"-b" must follow "angel". It stands for "build" and instead of
unsubscribing the address from email lists, it will add the email list
to your list of goodlists.

Any problems that angel finds will be reported to the alert address
and the message will come from owner-angel.

Shelter
=======

Shelter hides an email address. It does no filtering or unsubscribing.
If in the alias file, you have

owner-shelter: you@???
charlie: "|/usr/local/majordomo/wrapper shelter -h charlie@???"

Charlie can use the address charlie@your_domain.org for incoming and
outgoing mail and no one else will know that the charlie@???
address exists.

   1.  For outgoing mail, Charlie sends all his outgoing mail to 
       charlie@your_domain.org from his hidden address, 
       charlie@???, and makes the first line in the message 
       be the destination address.  Shelter will resend the message
       to the destination address from charlie@your_domain.org


2. Incoming mail will be sent on to the hidden address.

If Charlie wants his mail filtered and unsubscription commands sent
to unwanted mail lists, add the fence to his alias:

charlie: "|/usr/local/majordomo/wrapper fence shelter -h \
         charlie@???"


----

I think this answers a lot of your comments.

>
> I never use an email address for websurfing. Why do you need to?


Some browsers+javascript can read your email address and send it to
the host. We exploit that to help people vote.

>
> I really do wish your attempts to bring direct participation to the people
> of Chiapas well.
>
> -j


Your good wishes mean a lot to me, and I'm so glad to hear that you
know so much about the Mexican situation. But, I hold no vision of
bringing democracy to the people of Chiapas; they teach us. I want
to bring their vision to the world.

Nigel contributed.

> An argument could be made under EU Data Protection Law that to expose
> your subscribers list is leaking personal data and hence an offence
> under that law. Certainly I am might displeased that one of my useful


Isn't there also a law in Europe that you cannot have a public
archive, for the same reason? And it's probably true that I am in
more danger of becoming spam-bait from writing to this list and
landing in the archive that I am from participating on
deliberate.com's lists with no web archive (though that may change).

> (ie non spam trap addresses appears to have leaked to a spammers list
> and I am getting unmissable offers that I would rather miss not to
> mention the negative effect that has on my productivity).


The "fence" only lets through mail that has the address on the To: or
Cc: line, not the Bcc. You can also tell it what other addresses you
want to let through. Want to try it? But don't other filters provide
that?

>
> The UK data protection office have made if clear that people's email
> addresses *are* personal data and so need to have care taken to protect
> privacy and that they must only be used for the purposes for which they
> were obtained etc etc. I understand that for companies there is going


And very correctly so! When people vote in one of our plebiscites, we
hide their address. When we ran the online Consulta, we didn't even
give the addresses to the EZLN unless the voter checked a box to do
so. We break no deals with our users.

> to be some form of requirement for US companies to honour EU data
> protection legislation.


Well, this Zapatista will stand against any laws that limit a
democratic list's right to autonomy. I appreciate that usual lists,
where the administrator is king, need to be protected from that
administrator, but not lists where the group has the tool to decide
things for themselves, and the administrator is committed to follow the
will of the group.

Thanks so much for your interest in our problems. This list has given
me lots to think about and lots to work on.

Marilyn Davis, Ph.D.
eVote - online polling software for email lists
http://www.deliberate.com 
marilyn@???    
+1 650 965-7121  (USA)