[Mailman-Users] Users worried about spammers getting their email address
Chuq Von Rospach
chuqui at plaidworks.com
Wed Aug 27 03:34:13 CEST 2003
On Tuesday, August 26, 2003, at 04:51 PM, Heath Raftery wrote:

> I have a user who is on a campaign to remove his email address from
> any web site.

good for him. he's figured it out...

> However, I did point out that the archives are still downloadable in
> raw mbox format, complete with email addresses.

If you can get to an e-mail address in any format without a password,
so can a spambot, and they will. and do.

>> I suspect that before long they will parse not just @ but also
>> resolve 'at' with any combination of spaces either side.

slashdot has already proven that any attempt to obfuscate e-mail
addresses programmatically can/will be de-obfuscated by the spammers
once it's worth their time. Remember, they don't have to de-program all
of your obfuscations. they're patient. They can wait until they get
your e-mail address re-arranged in a way they do understand how to
unravel.

> A good example of this that comes to my mind, is the way eBay handles
> communication between bidder and seller. Any ideas about the
> possibility of something like this in Mailman?
>

I think we're headed in that direction, for better and worse. I also
think we're headed towards other changes in e-mail to allow users to
control how their address is used. the best (IMHO) way to handle this
is some form of addressing that allows a user's address to be usable
for, say, a week. After that, if you attempt to use the address, you
drop into challenge/response/whitelisting. Having a list server take
responsibility for forwarding email is also likely useful, but it
creates problems for sites where they don't control the entire domain
-- you're effectively requiring the list server to live on a sub-domain
and own all email to that sub-domain to do that properly.

I am (slowly, slowly) working on a new archiving scheme that won't
disclose sensitive user data. Until that happens, my archives are
locked behind security realms. That doesn't protect them completely,
but the spambots don't seem to need to break that lock yet, not when so
many other lists are available in google...
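
An added sketch (not part of the original message, and not Mailman code) of the week-long address idea described above: the list server mints a forwarding address that carries an expiry and an HMAC tag, and mail to an expired address is routed to challenge/response instead of being delivered. The secret, the lists.example.org sub-domain, the address layout and the function names are all assumptions made for this example.

```python
import base64
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # assumption: secret known only to the list server
DOMAIN = "lists.example.org"       # assumption: sub-domain the list server owns
LIFETIME = 7 * 24 * 3600           # "usable for, say, a week"


def _tag(user, expiry):
    """Truncated HMAC binding the user to the expiry (16 base32 chars)."""
    mac = hmac.new(SECRET, f"{user}|{expiry}".encode(), hashlib.sha256).digest()
    return base64.b32encode(mac[:10]).decode().lower()


def issue(user, now=None):
    """Mint the address published in the archive in place of the real one."""
    user = user.lower()
    expiry = int(time.time() if now is None else now) + LIFETIME
    return f"{user}+{expiry:x}.{_tag(user, expiry)}@{DOMAIN}"


def classify(address, now=None):
    """Return 'deliver', 'challenge' (valid but expired) or 'reject'."""
    now = int(time.time() if now is None else now)
    local, _, domain = address.lower().rpartition("@")
    if domain != DOMAIN:
        return "reject"
    user, plus, token = local.rpartition("+")
    exp_hex, dot, tag = token.partition(".")
    if not plus or not dot:
        return "reject"            # bare user@ address: nothing to verify
    try:
        expiry = int(exp_hex, 16)
    except ValueError:
        return "reject"
    # Constant-time compare; a changed expiry or user invalidates the tag.
    if not hmac.compare_digest(tag.encode(), _tag(user, expiry).encode()):
        return "reject"
    return "deliver" if now <= expiry else "challenge"
```

A harvested address keeps working only until its expiry; after that the sender has to pass the challenge, and editing the expiry field breaks the tag.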