Email is a great example of inertia vs spec... Actual use, across the massive number of clients across the spectrum, rather defines the best practices rather than what RFC writers over a decade ago wanted.

I do email on 4+ platforms, including 2 mobile devices which are most definitely not going to include list-post anytime soon... As such I am in favor of the change.



-- Sent from my Palm Pre
On Mar 3, 2010 3:27, Dave Sherohman <dave at sherohman.org> wrote: 

On Tue, Mar 02, 2010 at 01:03:32PM -0600, Yaron wrote:
> On Tue, 2 Mar 2010, Carl Wilhelm Soderstrom wrote:
> > I also have root access to the mailing list server, so if I wanted to be
> > autocratic about it I could just make the change unilaterally. However, I
> > think that would be rather irresponsible.
>
> Well, so far we've got quite a few people saying they'd like the change, a
> couple of people saying they don't need the change, and zero people saying
> they're against it.



I've been holding my tongue thus far, as I'm no longer local to the LUG,
but, since you've said that there's nobody against it...  I'm against
it.



The canonical list of arguments against lists setting Reply-To would be
Chip Rosenthal's ""Reply-To" Munging Considered Harmful"[1], but that's
pretty ancient these days.  Google's first hit on it is a copy dated
2002, but Simon Hill's response, "Reply-To Munging Considered
Useful"[2], dates to at least 2000, so it's clearly older than that.



At some later point, Neale Pickett published ""Reply-To" Munging Still
Considered Harmful. Really."[3], in which he points out that, per RFC2822,
Reply-To is specifically to be used to indicate where the message's
author wants replies directed.  He then goes on to argue that, since the
list management software is not the author of the message, it is a
direct violation of the RFC for list software to set Reply-To.  (It
should use List-Post instead, as defined in RFC2369.  Unfortunately,
well over a decade later, clients which properly recognize List-Post
headers remain thin on the ground.)





Now that the historical archive has been presented, I'll finally get to
my reason for opposing the use of Reply-To headers by mailing list:
It's a matter of privacy and security.



Put simply, if a message which is intended to be public is sent
privately, it causes little to no harm.  As already seen on this thread,
it's easy for the recipient to include it in a public response, or the
original sender can trivially re-send it to the correct address.  The
net result is a minor inconvenience for the sender (who has to send it
twice) and possibly a minor annoyance for the private version's
recipient (who will receive two copies unless their mail software is
smart enough to filter out the duplicate).



A message intended to be private which is unintentionally made public,
on the other hand, can cause significant harm, ranging from simple
embarrassment[4] to professional problems[5] to actual physical
danger[6].  Even when you consider that Reply-To munging will prevent
more problems than it causes, the potential damage caused by a single
exposure of private information is so much greater than the damage
caused by replies being unintentionally private that I believe, in the
balance, the net harm caused by Reply-To munging is greater than the net
benefit it provides.





But, like I said, I'm no longer local to the LUG and I hardly ever post
here any more, so I don't really have a dog in this fight.  My main
point is simply to present the arguments against Reply-To munging by
mailing list software because nobody else has done so.  If you decide to
start setting Reply-To headers anyhow, it's no skin off my teeth.





[1] http://www.unicom.com/pw/reply-to-harmful.html
[2] http://www.metasystema.net/essays/reply-to.mhtml
[3] http://woozle.org/~neale/papers/reply-to-still-harmful.html
[4] Someone discovering that you're going out with friends
    after lying to them about being sick
[5] A journalist accidentally revealing connections to an anonymous
    source
[6] See "Harriet Jacobs" (pseudonym), whose contacts and Google Reader
    data were automatically exposed to her abusive ex-husband by the
    Buzz launch; unfortunately, while you can find many references to
    the incident, her original rant describing it is no longer public



-- 
Dave Sherohman

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
tclug-list at mn-linux.org
http://mailman.mn-linux.org/mailman/listinfo/tclug-list
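
Added example, not part of the original thread and not any list software's own code: it shows where a plain "Reply" is delivered when a list leaves Reply-To alone versus when it sets Reply-To to the list, using the RFC 2369 List-Post header to flag the case where a reply meant for the author would go public. The addresses, sample messages and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses


def load(raw):
    """Parse raw RFC 2822 text into a Message (helper for this example)."""
    return message_from_string(raw)


def list_post_address(msg):
    """Return the posting address from an RFC 2369 List-Post header, or None."""
    m = re.search(r"<mailto:([^>?]+)", msg.get("List-Post", ""))
    return m.group(1).lower() if m else None


def reply_recipients(msg):
    """Where a plain 'Reply' goes: Reply-To if present, otherwise From."""
    headers = msg.get_all("Reply-To") or msg.get_all("From") or []
    return [addr.lower() for _, addr in getaddresses(headers) if addr]


def reply_goes_public(msg):
    """True when a plain 'Reply' would be delivered to the list itself."""
    post = list_post_address(msg)
    return post is not None and post in reply_recipients(msg)


# Constructed sample messages; all addresses are placeholders.
UNMUNGED = """\
From: Alice <alice@example.org>
To: demo-list@lists.example.org
List-Post: <mailto:demo-list@lists.example.org>
Subject: meeting

body
"""
# Same message after the list software has set Reply-To to the list address.
MUNGED = UNMUNGED.replace(
    "List-Post:", "Reply-To: demo-list@lists.example.org\nList-Post:")

if __name__ == "__main__":
    for name, raw in (("unmunged", UNMUNGED), ("munged", MUNGED)):
        msg = load(raw)
        print(name, reply_recipients(msg), "public:", reply_goes_public(msg))
```

A mail client or filter could run the same comparison before sending and ask for confirmation when a plain reply resolves to the list's posting address.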

