Howdy,
How do we contact the nanog mail admins? I looked at
https://archive.nanog.org/list and https://archive.nanog.org/list/faq
but apparently someone thought it'd be clever to redact all the email
addresses from that page. "Questions should be directed to[email
protected]."
Thanks,
Bill Herrin
I think you just need to let scripts run in your browser for nanog.org.
It uses Javascript to add the emails in after the fact, it appears.
I think you just need to let scripts run in your browser for
nanog.org.
sad. http://nanog.org used to be the brilliant example of a fully
featured web site sans javascript, flash, ...
randy
It's a mailman list, so nanog-owner@nanog.org should work. If not reach out
to the communications committee.
Now i did try searching the website for the communications committee, and I
can't tell if it's still a thing. The one time I actually interacted with
them, I just emailed Matt Griswold, but that was years ago.
Yep. It's obfuscation via an XOR with a key included
in the href. So if you do not want to run javascript,
you can grab the href, pull out the key, xor the
remaining obfuscated string with it and you get the
address.
I.e.:
for email in $(curl https://archive.nanog.org/list | sed -n -e 's/.*cfemail="\(.*\)".*>/\1/p'); do n=0; for b in $(echo "${email}" | sed -e 's/\(..\)/\1 /g'); do if [ $n -eq 0 ]; then key=$b; else printf "\\$(printf "%o" $(( 0x${key} ^ 0x${b})) )"; fi; n=1; done; echo; done
It's all so obvious, isn't it?
-Jan
"This Email As A Tweet":
https://twitter.com/jschauma/status/1191062800082317312
I'm also assuming this is about the 5 bounce messages I got from this last
message to the list "Message to 9728466595@email.uscc.net failed."
Lets see if it honors "Reply-to:" 
Them and the Swedish site that's still opening tickets in Swedish in
response to nanog list posts. I was thinking of volunteering to help.
It's not exceptionally hard to figure out which list subscriber is the
problem but it's not baked in to mailman; you have to do a little bit
of work.
-Bill
Peace,
Yes -- I think we all understand the technical problems with the site.
Thanks for helping Randy with being precise.
[ Bunch of replies to messages in thread bundled here. ]
It's a mailman list, so nanog-owner@nanog.org should work. If not reach out
to the communications committee.
All mailing lists should support that, regardless of what's running them.
Mailman, thankfully, makes it easy for configuring it by default.
Other topics:
- I've received erroneous bounces from @email.uscc.net as well.
It should be possible to track down the culprit via Mailman's logs
and the MTA's logs.
- There is zero point in obfuscating email addresses in archives or
anywhere else on the 'net. None. There hasn't been any point for
most of twenty years. It's cargo cult "privacy" and that capability
should be excised from Mailman's source code, because its presence
unfortunately encourages people to indulge in a worst practice.
- I also volunteered (in 2018? not sure, need coffee) to help out
with -owner technical issues, but never heard anything back.
- One of the queries that I've sent but not had an answer to is
whether the entire archives are available in "mbox" format. (Including
the older ones.) If they are, then it should be pretty easy to fold
the old pre-Mailman archives into the current with-Mailman archives.
---rsk
https://www.youtube.com/watch?v=tJ-LivK4-78
Sorry -- couldn't resist. Believe me, I've been on the receiving end of this myself.
- I've received erroneous bounces from @email.uscc.net as well.
It should be possible to track down the culprit via Mailman's logs
and the MTA's logs.
Hi Rich,
One of the annoyances with both those guys and the swedish folks is
that they're not sending messages to the return path, they're
responding to the header from address. Mailman at NANOG never sees it.
It doesn't pass through their servers.
Even if mailman saw it, mailman doesn't use VERP. It has to scan the
message to match the subscriber and that doesn't consistently work.
The subscriber address forwards to another address, the second address
bounces and the bounce message doesn't necessarily contain the
original subscriber address.
To identify these jokers the ops will probably have to send a unique
message to each subscriber with crafted headers. That can be folded in
to a message that would go to the list anyway but the capability isn't
baked in to mailman.
- There is zero point in obfuscating email addresses in archives or
anywhere else on the 'net. None. There hasn't been any point for
most of twenty years.
Not with open subscription where any spammer can join the list to
harvest the addresses of everybody who sends.
Regards,
Bill Herrin
Both 2.1 and 3.0 of mailman support VERP. I've had it running for some time
on mailman 2.1.
I'm not sure how it will impact delivery time (a consideration). I've found
it to be a non issue in my case. I'd be willing to talk off list if anyone
wants details on how to configure and test it.
One of the annoyances with both those guys and the swedish folks is
that they're not sending messages to the return path, they're
responding to the header from address. Mailman at NANOG never sees it.
It doesn't pass through their servers.
Yeah, I know: I've seen similar things on the Mailman-powered mailing
lists that I've run.
Even if mailman saw it, mailman doesn't use VERP. It has to scan the
message to match the subscriber and that doesn't consistently work.
The subscriber address forwards to another address, the second address
bounces and the bounce message doesn't necessarily contain the
original subscriber address.To identify these jokers the ops will probably have to send a unique
message to each subscriber with crafted headers. That can be folded in
to a message that would go to the list anyway but the capability isn't
baked in to mailman.
I get all this, but there are other methods that should help narrow it down.
For example (and I really do mean "example", this might or might not
be useful in this case): one of the things I've done is to (1) grab the
subscriber list (2) reduce it to domains (3) look up the MXs for every
domain -- via a script (4) sort/uniq (5) see if any match the domain
that appears to be the culprit. (Sometimes works.) Another approach is
to look up the MX's for the culprit and see if those match any on the
just-generated list. (Usually doesn't work.) Still another is to map
the MX list to IP addresses, sort by address, then grab the IP addresses
relevant to the culprit (from A, NS, MX) and see if those are local to
any of the ones on the list. (Sometimes works.)
All of these are hit-or-miss but I've found that pursuing them usually
results in some insight, if not an answer. If nothing else it often
allows the "exoneration" of some number of subscriber addresses, which
reduces the scope of the problem and may render it tractable via other
methods. But to your point, VERP or an equivalent tactic may be the
only way to really diagnose/repair some of these.
---rsk
Bill,
The NANOG website has been recently updated. The information you are looking for can be found under resources -> Nanog mailing list -> Usage Guidelines.
https://nanog.org/resources/usage-guidelines/
The email address to contact the mail admins mailman [at] nanog.org
Thanks
Brad Raymo
NANOG PC
And it is still on going. Just got 4 of these.
Mark
And it is still on going. Just got 4 of these.
Mark
Technical proposal how to solve that.
At 1st of month send monthly reminder manually, to each subscriber, but encode recipient address in Reply-To: a bit special way.
First, you need catch-all alias on special domain.
Then, you calculate reply-to, for example if destination recipient:
hash("secret-keyword" + user@domain.com)=aabbccdd
So, it becomes:
Then just check all bounces received to *@monthly.nanog.org, and unsubscribe relevant users.