3 lines summary of what follows: There is NO way that the list admin can prevent list members from putting in danger other people who ask for help to the list, so stop worrying too much about this and don't mess anymore with the headers.
On Mon, Apr 22, 2013 23:45:47 PM -0400, Michael Allan wrote: > Experts on the list advise and inform on matters such as > encrypting communications, protecting infrastructure from cyber > attack, and protecting onself from personal danger. in ~2 years I've been a subscriber here, I don't remember anything that would be in the "personal vulnerable situation" category, that is the starting point for all the concerns that follow. Anyway: > the software adds a Reply-To header pointing to L, which is the > address of the list itself. The message is then passed on to the > subscribers. The meaning of the added Reply-To header is, "Q asks > that you reply to her at L." [3] > Note that this is false information; Q does not ask that. Partly not correct (Q implicitly asked, or accepted that, the moment he or she subscribed to a MAILING LIST, that as everybody knows are places for public discussion. Especially when they have public archives), partly irrelevant: a) at least HALF of the fault in the scenario that you keep torturing yourself with is not on "P". It is on "Subscriber Q dumb enough to reply with helpful information" about a "PERSONAL VULNERABLE SITUATION" [only] to the list, instead of being mature/sensible/smart enough to: 1) answer to list ONLY in the vaguest possible terms ("I'll get back to you on that") if at all 2) send any advice that may help but provocate reply with sensitive data in a completely SEPARATE message, that the list doesn't see at all 3) eventually, post to the list for future reference a summary of general advice for cases like that, purged of personal data if a "tired and distracted" person asks for advice to a not stressed person, and the second person replies "OK, let's talk this over just on the edge of a cliff", is the distracted person the only one to blame if she falls off the cliff? In other words, the only problem and fault in your scenario is not point 4 (P replies with private info) but point 3 (Q replies with helpful info, but in a totally braindead way, when he or she should really know better) b) many people, like me, set their mail clients to recognize lists and automatically send replies to list messages ONLY to the list. Regardless of how much the admin played with the headers. c) oh, and of course there still are the people who routinely and blindly "reply to all" to whatever they get in their inbox > POSSIBLE EXPLOIT THAT INCREASES THE DANGER hmm... > Might not this exploit be perceived as feasible? yes. Just don't expect to solve it with mailing list management. If, instead, the only goal is to give Stanford and the list admin wants a legal basis to not be sued, that's OK. > While Stanford University is evaluating these safety concerns and > has yet to make a decision, it should return the configuration to > its default setting. The default setting is known to be safe. The default setting is known to provide very little of the specific safety you want, for the reasons I explained. If replying to messages from this list can put other people in danger, this is something that ALL list members must individually commit to avoid, whenever they answer. Oh, and maybe "Q" people so DUMB to not check whether they are replying on or off list when somebody's LIFE may be in danger shouldn't subscribe in the first place, should they now? So, personally I (re)vote for keeping reply-to to the list, but do as you wish because I'll keep MY email client to "Reply-to List" anyway (which proves my point), because it's infinitely more convenient than having different behavior from all the other tens of mailing lists I am subscribed to. Marco F. http://mfioretti.com -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech