There is an old saying about getting what you paid for. Python can be free but applications have costs.
Chris makes some valid points when saying there are existing solutions that may be worth considering. If someone wants to know about commercial products that do approximately what they need and provide some level of service, they can buy it. If they want it for free, they can create whatever they want using their own code augmented by any free code they are legally allowed to incorporate. But free is often not quite free. Look at the complaints about Google and Facebook who try to make a buck (or a billion) by looking at the data you generate and helping target advertisers or worse? Look at how the data sometimes gets out, legally or otherwise? Some people now choose to switch browsers after they keep seeing ads follow them everywhere for items they once LOOKED AT and did not even buy. Is there absolute security if you roll your own app, using python or anything else? I seriously doubt it. Python probably is not ideal in the sense that your source code is often readable if someone breaks into your machine. If you were to say encrypt/decrypt some things so items are never in plaintext on disk, your code may allow them to see what methods are used and, if you are careless enough, may even expose the key you use. I was involved in creating and maintaining a fairly early email product targeted at businesses quite a few years ago. Part of my responsibility at one point was to READ a subclass of the mail. Messages that made it into the system but ran into problems would often end up in a junkmail category and we needed to examine them to find out what went wrong and file modification requests. In addition, if we could figure out how to "fix" a message and sent it onward for delivery, we tried. An example of such an error was when we added a heterogeneous set of machines in the worldwide network of different types, a message that fit in memory on one might fail when passed to/through another kind. We had to adjust the maximum size allowed to what would fit anywhere. The point is that someone like me with the root password could read ANYTHING. All logs were equally available so making a list of all email addresses or a graph showing communication chains was possible. Many applications may be vulnerable to just one bad employee given such access. Some may be vulnerable if just one machine in an intranet is corrupted in some way. Again, this is not just about email but credit card use, browsing history, etc. But I suggest that unless you hire very experienced people to roll your own, you risk being even less secure than with a more trusted commercial product. Of course, if you want truly unique features, that may be a reason to have your own. The above is some thoughts and is not to be attacked as a suggestion to waste money buying specific products. I am not selling anything just reflecting on a wider issue. There seems to be very little absolute safety in the cyber world just as there really isn't in the physical world. You take your chances but hopefully with some idea of the risks. Someday anything you encrypt today may become easily readable unless you use fairly elaborate one-time pads. -----Original Message----- From: Python-list <python-list-bounces+avigross=verizon....@python.org> On Behalf Of Chris Angelico Sent: Monday, January 14, 2019 10:25 AM To: Python <python-list@python.org> Subject: Re: Email blast management? On Tue, Jan 15, 2019 at 12:53 AM Hartmut Goebel <h.goe...@goebel-consult.de> wrote: > > Am 14.01.19 um 12:47 schrieb Chris Angelico: > > It's a whole lot more respectful than keeping your own database of > > email addresses and then having it compromised some day. > > This assumes that one would not *keep* a list of customers in in company. > Honestly, I have no idea what you're moaning about. We don't have nearly enough details here to say what would be _the best_ way to do things, but I stand by my statement that services like MailChimp and Mailman are worth looking into. ChrisA -- https://mail.python.org/mailman/listinfo/python-list -- https://mail.python.org/mailman/listinfo/python-list
