[Mailman-Developers] Preventing spam to list admins.

Dan Mick Dan Mick <dmick@utopia.West.Sun.COM>
Mon, 27 Aug 2001 10:36:44 -0700 (PDT) 

Why is this not handleable with a simple alias?  Put "list-owner-name"
there instead of "real-name", and Procmail list-owner-name.

Surely one can't run an email service without *some* email admin
talkback place, so....isn't the only answer abstraction and throttling
through the abstraction?

> I have a feeling I'm opening up another can of worms for Barry, but...
> 
> Had an interesting issue with a list admin this morning. One of his user had
> started getting spam, and because of various coincidences, thought it was
> because our subscriber list had leaked. I did a little snooping, and found
> that his address had been put on a public web page (not one of mine), and
> showed him that it was likely harvested there.
> 
> At which point, the admin of the list involved wrote and asked how to get
> his address off of the info page for the lists he admins. After all, if you
> go to .../mailman/listinfo/listname, down at the bottom, the admin addresses
> are out there for all to see (and harvest).
> 
> And -- I don't have an answer for that.
> 
> But -- it's a legitimate problem. You can't exactly hide those pages behind
> a security realm. As Mailman is structured, you can't really remove them,
> and there's no way to protect them.
> 
> But they need to be, because those pages are wide open, and accessible to
> all the spiders, so they're going to leak into the global search engines, or
> be harvested directly.
> 
> Ugh. 
> 
> This has to be fixed in 2.1, if not before. I think the answer is to hide
> the e-mail addresses in some way, probably by having a mail-to-the-admin
> CGI, where only the admin's NAME is accessible publically, and Mailman
> handles forwarding mail to them.
> 
> In retrospect, this problem is painfully obvious to me, but personally, I'm
> simply numb to having my e-mail address harvestable. But I think, in
> general, it's a bad idea to put any e-mail address on a page, and I think
> you can't programmatically obfuscate stuff, either (it'll be interesting to
> see whether slashdot's new random-obfuscate system actually works, or
> whether the harvesters will simply be able to figure out how it's obfuscated
> and eat the addresses anyway... I'm not hopeful)
> 
> What do others think? Anyone got any quick ideas on how to dela with this,
> and what we ought to do long term?
> 
> 
> -- 
> Chuq Von Rospach, Internet Gnome <http://www.chuqui.com>
> [<chuqui@plaidworks.com> = <me@chuqui.com> = <chuq@apple.com>]
> Yes, yes, I've finally finished my home page. Lucky you.
> 
> USENET is a lot better after two or three eggnogs. We shouldn't allow
> anyone on the net without a bottle of brandy. (chuq von rospach, 1992)
> 
> 
> 
> 
> _______________________________________________
> Mailman-Developers mailing list
> Mailman-Developers@python.org
> http://mail.python.org/mailman/listinfo/mailman-developers