Email is a great example of inertia vs spec... Actual use, across the massive number of clients across the spectrum, rather defines the best practices rather than what RFC writers over a decade ago wanted.<br><br>I do email on 4+ platforms, including 2 mobile devices which are most definitely not going to include list-post anytime soon... As such I am in favor of the change.<br><br><span style="font-family:Prelude, Verdana, san-serif;"><br><br></span><span id="signature"><div style="font-family: arial, sans-serif; font-size: 12px;color: #999999;">-- Sent from my Palm Pre</div><br></span><span style="color:navy; font-family:Prelude, Verdana, san-serif; "><hr align="left" style="width:75%">On Mar 3, 2010 3:27, Dave Sherohman <dave@sherohman.org> wrote: <br><br>On Tue, Mar 02, 2010 at 01:03:32PM -0600, Yaron wrote:
<br>> On Tue, 2 Mar 2010, Carl Wilhelm Soderstrom wrote:
<br>> > I also have root access to the mailing list server, so if I wanted to be
<br>> > autocratic about it I could just make the change unilaterally. However, I
<br>> > think that would be rather irresponsible.
<br>>
<br>> Well, so far we've got quite a few people saying they'd like the change, a
<br>> couple of people saying they don't need the change, and zero people saying
<br>> they're against it.
<br>
<br>I've been holding my tongue thus far, as I'm no longer local to the LUG,
<br>but, since you've said that there's nobody against it... I'm against
<br>it.
<br>
<br>The canonical list of arguments against lists setting Reply-To would be
<br>Chip Rosenthal's ""Reply-To" Munging Considered Harmful"[1], but that's
<br>pretty ancient these days. Google's first hit on it is a copy dated
<br>2002, but Simon Hill's response, "Reply-To Munging Considered
<br>Useful"[2], dates to at least 2000, so it's clearly older than that.
<br>
<br>At some later point, Neale Pickett published ""Reply-To" Munging Still
<br>Considered Harmful. Really."[3], in which he points out that, per RFC2822,
<br>Reply-To is specifically to be used to indicate where the message's
<br>author wants replies directed. He then goes on to argue that, since the
<br>list management software is not the author of the message, it is a
<br>direct violation of the RFC for list software to set Reply-To. (It
<br>should use List-Post instead, as defined in RFC2369. Unfortunately,
<br>well over a decade later, clients which properly recognize List-Post
<br>headers remain thin on the ground.)
<br>
<br>
<br>Now that the historical archive has been presented, I'll finally get to
<br>my reason for opposing the use of Reply-To headers by mailing list:
<br>It's a matter of privacy and security.
<br>
<br>Put simply, if a message which is intended to be public is sent
<br>privately, it causes little to no harm. As already seen on this thread,
<br>it's easy for the recipient to include it in a public response, or the
<br>original sender can trivially re-send it to the correct address. The
<br>net result is a minor inconvenience for the sender (who has to send it
<br>twice) and possibly a minor annoyance for the private version's
<br>recipient (who will receive two copies unless their mail software is
<br>smart enough to filter out the duplicate).
<br>
<br>A message intended to be private which is unintentionally made public,
<br>on the other hand, can cause significant harm, ranging from simple
<br>embarassment[4] to professional problems[5] to actual physical
<br>danger[6]. Even when you consider that Reply-To munging will prevent
<br>more problems than it causes, the potential damage caused by a single
<br>exposure of private information is so much greater than the damage
<br>caused by replies being unintentionally private that I believe, in the
<br>balance, the net harm caused by Reply-To munging is greater than the net
<br>benefit it provides.
<br>
<br>
<br>But, like I said, I'm no longer local to the LUG and I hardly ever post
<br>here any more, so I don't really have a dog in this fight. My main
<br>point is simply to present the arguments against Reply-To munging by
<br>mailing list software because nobody else has done so. If you decide to
<br>start setting Reply-To headers anyhow, it's no skin off my teeth.
<br>
<br>
<br>[1] http://www.unicom.com/pw/reply-to-harmful.html
<br>[2] http://www.metasystema.net/essays/reply-to.mhtml
<br>[3] http://woozle.org/~neale/papers/reply-to-still-harmful.html
<br>[4] Someone discovering that you're going out with friends
<br> after lying to them about being sick
<br>[5] A journalist accidentally revealing connections to an anonymous
<br> source
<br>[6] See "Harriet Jacobs" (pseudonym), whose contacts and Google Reader
<br> data were automatically exposed to her abusive ex-husband by the
<br> Buzz launch; unfortunately, while you can find many references to
<br> the incident, her original rant describing it is no longer public
<br>
<br>--
<br>Dave Sherohman
<br>
<br>_______________________________________________
<br>TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
<br>tclug-list@mn-linux.org
<br>http://mailman.mn-linux.org/mailman/listinfo/tclug-list
<br></span>