[Mailman-Developers] Opening up a few can o' worms here...

Bryan Fullerton bryanf@samurai.com
Tue, 16 Jul 2002 19:21:16 -0400


On Tuesday, July 16, 2002, at 01:58 PM, Chuq Von Rospach wrote:

> One thing we're definitely doing is moving to a cloaked archive. Since we
> already distribute all archives out of HTTP, not FTP, we're working on a CGI
> that'll strip all e-mail information out of messages on the fly (among other
> things, like header cleanup and some trivial formatting fixes). The idea is
> simple -- we've finally hit the point where you can't put an e-mail address
> up on a public site under any circumstance safely, so we're having to move
> to a system where we simply don't do that.
>
> I think the Mailman stuff needs to think about this, also. It impacts the
> archiving setup and other issues, but the harvesters have hit the point
> where we simply can't risk disclosing that info. It creates other problems
> -- you can't see a posting in the archive and send email to that person with
> more questions (or answers), but that seems trivial compared to the problems
> the spammers are causing.

I've had requests from customers for this as well. I'm fairly impartial as to
whether it's done when the archive is displayed or when it's generated,
but they a) want public archives, and b) don't want harvest-able addresses
in them. Something like [address removed] would be fine, as long as the
Real Name portion was (optionally?) preserved.

Would probably also be a good idea for some private lists, to prevent more
advanced harvesters (ie subscribe to list, grab all the addresses from the
archives, unsubscribe - that can't be too hard to automate).

I'm unsure about whether the obscurer should scan the body and nuke
addresses there too - could be a PITA for technical lists (especially those
discussing email issues!), but could be valuable for lists which REALLY
want to protect subscribers.

> A secondary issue here is the problem of disclosing admins and admin
> addresses. I know we've hashed that through once, but we've come to the
> (somewhat reluctant) decision to whitelist all public, non-personal email
> addresses. We're going to be implementing TMDA to do this, and will be
> switching all admin to generic addresses that filter through TMDA, as well
> as things like postmaster@ and the like. While I hate making users jump
> through hoops to get through to a real person (for those that don't know,
> TMDA is an overt whitelist. If you're not on the whitelist, you get mail
> back telling you to take some action, and until you do, the mail isn't
> delivered), but the abuse by the spammers on admin addresses is now so bad
> I'm declaring defeat and going to the whitelist.

As mentioned by Barry, SpamAssassin good.

> So what he did was open up his address book and send his message to everyone
> in it. And he's running one of these new e-mail clients that happily caches
> addresses it sees in case you want them again. So all of the addresses of
> people posting to the mailing lists he subscribed to were in his address
> book cache, so when he grabbed his address book, he grabbed all of those
> addresses, too.

The perils of Ease of Use. I have a crapload of people in my OS X Address Book
that Mail.app's been happily storing away for a rainy day. Luckily for them,
I'm not likely to be excited enough about anything to add them all to an
email. :)

Bryan

--
Bryan Fullerton               http://bryanfullerton.com/
Core Competence               uunet.ca!gts!cspace!bryanf
Samurai Consulting Inc.
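An added example, not code from this thread or from Mailman, of the display-time obscurer discussed above: it rewrites the address headers of an archived message to "[address removed]" while optionally keeping the Real Name, and can also run the body scan Bryan is unsure about. The header list, the body regex and the sample post are assumptions constructed for the example.

```python
import email
import re
from email.utils import getaddresses

PLACEHOLDER = "[address removed]"
ADDRESS_HEADERS = ("From", "To", "Cc", "Reply-To")
# Loose body pattern (assumption): enough for archive text, not full RFC 5322.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def cloak_header(value, keep_name=True):
    """Replace every address in an address header, optionally keeping the Real Name."""
    cloaked = []
    for name, addr in getaddresses([value]):
        if not addr:
            continue
        cloaked.append(f"{name} <{PLACEHOLDER}>" if keep_name and name else PLACEHOLDER)
    return ", ".join(cloaked)


def cloak_body(text):
    """Scrub addresses from free text: the optional body scan for strict lists."""
    return EMAIL_RE.sub(PLACEHOLDER, text)


def cloak_message(raw, keep_name=True, cloak_bodies=False):
    """Cloak one archived message at display time; returns the rewritten text."""
    msg = email.message_from_string(raw)
    for hdr in ADDRESS_HEADERS:
        if hdr in msg:
            msg.replace_header(hdr, cloak_header(msg[hdr], keep_name))
    if cloak_bodies:
        for part in msg.walk():  # only text parts; attachments are left alone
            if part.get_content_type() == "text/plain":
                part.set_payload(cloak_body(part.get_payload()))
    return msg.as_string()


# Constructed sample post (not a real message from the list).
SAMPLE = """\
From: Alice Example <alice@example.org>
To: mailman-devs@example.org
Cc: Bob <bob@example.net>
Subject: Re: cloaked archives

Reach me at alice@example.org if you have more questions.
"""

if __name__ == "__main__":
    print(cloak_message(SAMPLE, cloak_bodies=True))
```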