[Mailman-Developers] mailman email harvester

[Tobias Eigen]

Hi Dan,

>> Given the risk, now made worse by Bernhard's very helpfully
>> distributing this script for spammers, this is a really urgent issue.
>
> Not that hard to write such a script.  I expect the spammers already
> have several alternatives to choose from.  So, it's quite likely
> no harm has been done, and some good, arising from Bernhard's
> raising the issue in public.

Ok - granted. Sorry for sounding a little passive aggressive there. :-)

> I'd go further and mention that while Berhhard's script harvests
> membership rosters, it isn't that much more difficult to write a
> script that gets around the obfuscation of email addresses in the
> list archives.

Mhonarc on my system actually removes the email address completely in 
the archives.

The mbox archives are still intact though, so if someone knows how 
mailman works they could probably hack their way into there. MBOX files 
generally are a motherlode for spammers.

My idea eventually is to replace mhonarc archives with a forum for 
discussion groups and newsletter archives, all integrated with my Mambo 
CMS. It's great to have the mbox files ready to be imported. This way 
you don't end up with disabled archives and you don't open up 
subscribers to having their email addresses harvested.

> (Hey, anybody got a lead on a Seattle-area opportunity for a rabid 
> Python
> developer? Who also does C, SQL, HTML, CSS and various assemblers?)

Try introducing yourself to the nonprofit open source initiative folks. 
They're very into drupal etc, and of course also use mailman. 
http://www.nosi-net

> There are a pretty fair number of good reasons for keeping list 
> archives
> open.  My opinion is a person posting to a list assumes the risk of
> having his or her email address harvested, and that one unwilling to 
> assume
> this risk should refrain from posting.  However I understand if others
> do not subscribe to that belief, and that there may be circumstances 
> where
> there are reasonable grounds for wanting to manage a list by some other
> policy.

I think the answer to this is that not everybody is as familiar with 
these tools as we are, and we can't assume that the people we are 
trying to serve are willing or able to put up with confusion about this 
sort of thing. Hence, again, my plans to develop a yahoo-like service 
that is more transparent and easy to navigate and use. These types of 
questions simply shouldn't even come up.

> My suggestion is that an option be considered to redact all email
> addresses whatsoever from a list archive.  Including anything mentioned
> in-line in the text of the post that even vaguely looks like an email
> address.

Yes. This is what mhonarc does.

> No doubt somebody on this list manages a list where users are quite
> sensitive to public exposure, who might care to advocate for such an 
> option,
> and even code it, should the idea meet with sufficient approval.

Yes. We do. We also often find ourselves in the awkward position of 
having to manually remove postings from our archives because people are 
being defamed etc or have posted something that they didn't realize was 
going to be archived and are now regretting it. Many people using our 
lists are African activists and this can (to be dramatic) be a matter 
of life and death.

Cheers,

Tobias

--
Tobias Eigen
Executive Director

Kabissa - Space for Change in Africa
http://www.kabissa.org

* Kabissa's vision is for a socially, economically, politically, and 
environmentally vibrant Africa, supported by a strong network of 
effective civil society organizations. *