[Mailman-Developers] mailman email harvester
Tobias Eigen
tobias at kabissa.org
Fri Feb 11 00:01:57 CET 2005
Hi Dan,
>> Given the risk, now made worse by Bernhard's very helpfully
>> distributing this script for spammers, this is a really urgent issue.
>
> Not that hard to write such a script. I expect the spammers already
> have several alternatives to choose from. So, it's quite likely
> no harm has been done, and some good, arising from Bernhard's
> raising the issue in public.
Ok - granted. Sorry for sounding a little passive aggressive there. :-)
> I'd go further and mention that while Berhhard's script harvests
> membership rosters, it isn't that much more difficult to write a
> script that gets around the obfuscation of email addresses in the
> list archives.
Mhonarc on my system actually removes the email address completely in
the archives.
The mbox archives are still intact though, so if someone knows how
mailman works they could probably hack their way into there. MBOX files
generally are a motherlode for spammers.
My idea eventually is to replace mhonarc archives with a forum for
discussion groups and newsletter archives, all integrated with my Mambo
CMS. It's great to have the mbox files ready to be imported. This way
you don't end up with disabled archives and you don't open up
subscribers to having their email addresses harvested.
> (Hey, anybody got a lead on a Seattle-area opportunity for a rabid
> Python
> developer? Who also does C, SQL, HTML, CSS and various assemblers?)
Try introducing yourself to the nonprofit open source initiative folks.
They're very into drupal etc, and of course also use mailman.
http://www.nosi-net
> There are a pretty fair number of good reasons for keeping list
> archives
> open. My opinion is a person posting to a list assumes the risk of
> having his or her email address harvested, and that one unwilling to
> assume
> this risk should refrain from posting. However I understand if others
> do not subscribe to that belief, and that there may be circumstances
> where
> there are reasonable grounds for wanting to manage a list by some other
> policy.
I think the answer to this is that not everybody is as familiar with
these tools as we are, and we can't assume that the people we are
trying to serve are willing or able to put up with confusion about this
sort of thing. Hence, again, my plans to develop a yahoo-like service
that is more transparent and easy to navigate and use. These types of
questions simply shouldn't even come up.
> My suggestion is that an option be considered to redact all email
> addresses whatsoever from a list archive. Including anything mentioned
> in-line in the text of the post that even vaguely looks like an email
> address.
Yes. This is what mhonarc does.
> No doubt somebody on this list manages a list where users are quite
> sensitive to public exposure, who might care to advocate for such an
> option,
> and even code it, should the idea meet with sufficient approval.
Yes. We do. We also often find ourselves in the awkward position of
having to manually remove postings from our archives because people are
being defamed etc or have posted something that they didn't realize was
going to be archived and are now regretting it. Many people using our
lists are African activists and this can (to be dramatic) be a matter
of life and death.
Cheers,
Tobias
--
Tobias Eigen
Executive Director
Kabissa - Space for Change in Africa
http://www.kabissa.org
* Kabissa's vision is for a socially, economically, politically, and
environmentally vibrant Africa, supported by a strong network of
effective civil society organizations. *
More information about the Mailman-Developers
mailing list