Topics

moderated Reply-to change proposal


 

Hi All,

This is going to be a bit technical, apologies...

Right now, we strip any Reply-to header from an incoming message. In most instances, we generate a new, appropriate reply to. But for groups that have the reply to setting set to either Reply To Sender or for messages that are tagged with a tag that is set to Reply To Sender Only, we end up not generating a replacement Reply-to header.

A group owner sets the Reply-To header on messages he sends to his announcement group, and would like those headers preserved. I can make that happen by not stripping the incoming Reply-To for groups set to Reply To Sender Only (or tagged appropriately). I don't think this will change behavior for anyone, but I'm not 100% certain. So can anyone think of a reason not to do this?

Thanks,
Mark


 

Mark,

I can make that happen by not stripping the incoming Reply-To for groups set to Reply To Sender Only (or tagged appropriately). I don't think this will change behavior for anyone, but I'm not 100% certain. So can anyone think of a reason not to do this?

​A concern was raised in GMF that this could lead to members "pranking" other members by misdirecting replies. For example, send something inflammatory or profane or irresistibly attractive then ​set Reply-To someone else. Who then gets mail-bombed by some fraction of the group membership. The victim need not be a member of the group. And in the intended use case, would not be. So the mail-bombing could arrive completely out of the blue.

I feel that those concerns are adequately mitigated if it is an Announcement Group; then only a group moderator could take such underhanded actions. Others disagree. Maybe, like other abuse-able features (Direct Add) it needs to be further tied to a premium group.

Shal


 

If it's a reply-to-sender-only group, then I think any incoming Reply-To header line should be honored. I don't think the concern that Reply-To could be used to mailbomb someone would arise much in a reply-to-sender-only group, but if it did, it should be easy for a group owner to track down who did it and deal with them appropriately. It's also possible to trick people into mass-emailing someone without using a header line at all.

JohnF


 

JohnF

I don't think the concern that Reply-To could be used to mailbomb someone would arise much in a reply-to-sender-only group, but if it did, it should be easy for a group owner to track down who did it and deal with them appropriately.

​Good point, since the owner/mods will also have received the offending message.
​And it brings to mind a pro-active mitigation: force all such messages to be moderated. And of course, make the fact that there's an inbound Reply-To prominently visible in the Pending list and pending message, possibly with the option of allowing the moderator to edit or remove it.

This idea is by analogy to the fact that all non-subscriber posts (if the group allows them) are moderated. Except here the (potentially) non-subscriber address is in the Reply-To field rather than the From field.

But I'll concede that's a bunch of work for a likely to be rarely used feature.

Shal


 

On Wed, Jul 11, 2018 at 9:18 AM, Shal Farley <shals2nd@...> wrote:

I don't think the concern that Reply-To could be used to mailbomb someone would arise much in a reply-to-sender-only group, but if it did, it should be easy for a group owner to track down who did it and deal with them appropriately.

​Good point, since the owner/mods will also have received the offending message.

Thanks for the discussion. I just pushed the change so that for Reply To Sender groups, we do not remove any existing Reply-To header. Please let me know if you hear or see any issues with it. 

Thanks,
Mark