You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2010/12/30 11:26:08 UTC

DO NOT REPLY [Bug 50532] New: Mail protection

https://issues.apache.org/bugzilla/show_bug.cgi?id=50532

           Summary: Mail protection
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_mbox
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: brad.revolver@gmail.com


Mail archive HTML page is generated by mod_mbox. This module must try hide the
full email address of people in messages. But as you can see below links, it
doesn't always work. 

http://mail-archives.apache.org/mod_mbox/httpd-users/200608.mbox/%3C8d423b320608160950l4ab345b1p74d76c62fe4aa42f@mail.gmail.com%3E


http://mail-archives.apache.org/mod_mbox/tomcat-users/201012.mbox/%3CAANLkTikxhDGOQZv+CDQ2hsMwQKzBAyD4wFoyv=jGJ5T4@mail.gmail.com%3E

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

DO NOT REPLY [Bug 50532] Mail protection

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=50532

Brad Revolver <br...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |brad.revolver@gmail.com

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

DO NOT REPLY [Bug 50532] Mail protection

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=50532

William A. Rowe Jr. <wr...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|normal                      |enhancement

--- Comment #1 from William A. Rowe Jr. <wr...@apache.org> 2010-12-30 12:37:12 EST ---
This is because of two entirely different concepts you would benefit from
understanding.  Mail headers are well understood and easily modified without 
damage to the content of the message, and mod_mbox modifies these values.

Mail body content is not defined, and may contain semantic information relevant 
to understanding the message.  E.g. if you had java source with annotations,
or character or line number offsets of a file, or other non-email information, 
would you prefer that the semantic value of these messages were obliterated?  
What about in attachments?

My inclination is to close this as being unrealistic, but if a more serious
proposal with specific definitions were offered, they could be discussed.
Note that this will not conceal email addresses, however, since unfiltered
mail archives are available.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

DO NOT REPLY [Bug 50532] Mail protection

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=50532

--- Comment #2 from Nick Kew <ni...@webthing.com> 2010-12-30 14:07:25 EST ---
It's actually a good suggestion.  Sure, we can't reliably parse addresses in
free text, any more than other agents from desktop tools to spambots.  But we
can point a regexp at low-hanging fruit.

I'll have a think about how greedy a regexp to throw at it.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

DO NOT REPLY [Bug 50532] Mail protection

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=50532

--- Comment #3 from James Kaan Atabey <ka...@yahoo.com.tr> 2010-12-31 08:05:00 EST ---
I agree with Nick that it is the point. 

That Apache Mail Archive can at least put under protection these names as
abcxxxxxxx@noway.com.

Besides preventing so much problems (such as security, spam) from occurring, I
also think that it is important for the Apache's own reputation. Because those
messages are taken and parsed right away by so many 3rd. parties. Even some of
those 3rd parties are reliable, we are not sure about all of them. 

I am pretty sure that there are so many spam/security victims which are waiting
to hear that this problem has been fixed.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org