At 05:25 PM 4/14/2004, you wrote:
> Do we have any mechanism for hiding or otherwise obfuscating
> the email address of senders to our list?

No. The raw mbox archives show everything, as do the eyebrowse archives.

Thanks for the info.

So why not obfuscate?  Even if we were to do so, any spammer could subscribe
to our lists, and simply harvest sender addresses, unless we hide them and
enforce reply-to-list behavior.  So at least one question is whether the
effort is worth the payoff.

--- Noel

By obfuscation I obviously mean a transformation which is easy for a human to decipher but difficult for a machine.

Two things that machines are unable to do as well as human beings are
image recognition and language understanding.

So instead of writing an email address such as [EMAIL PROTECTED] as
is, one can write

1) j o n e s @ f o o . b a r . c o m   (note the extra spaces)
2) jones at foo . bar . com  (read 'at' as '@')
3) jones AT foo DOT bar DOT com (read 'AT' as '@' and DOT as '.')
4) user=jones, domain=foo.bar.com
5) j|o|n|e|s||foo|bar|com (read '||' as '@', remove '|' in the user
part and replace '|' as '.' in the domain part)

The number of variations is quite high.

Thus, we can allow users to respond directly to the sender of a post
but still make it hard for spammers to mass-collect poster email
addresses.

In a more elaborate variation of this theme, one subscribes to a
mailing list under the regular email address but posts under a fake
address such as "[EMAIL PROTECTED]".  This is possible if
the autoreply address is added as an allowed alias to the list. The
list moderator can do this, so can the user herself! See 2.4 Adding
subscriber aliases in the ezmlm manual at
http://www.ezmlm.org/ezman-0.32/ezman2.html

Now, if any person tries to write to the visible address
"[EMAIL PROTECTED]", they get a reply such as

   Hello,

   This is an automatic email responder acting on behalf of Mr. Jones.

   You have recently sent an email to one of his autoreplying email
   addresses.  If you are a real person trying to reach Mr. Jones, then
   please redirect your message to:

     j o n e s @ f o o . b a r . c o m  (note the extra spaces)

   The above address is the only one that is valid. His other email
   addresses receive way too much rubbish forcing him to resort to this
   rather aggressive filtering method. If you are a real person trying to
   conduct legitimate correspondence, please accept our apologies for
   this impersonal response. Thank you for your understanding.

   A copy of your original message is included below:

   *********************************************************************
   COPY OF ORIGINAL MESSAGE


I have implemented such an autoresponder using procmail. I am including it for your convenience.

# Start .procmail file for [EMAIL PROTECTED]
# ****** WARNING * WARNING * WARNING * WARNING *
## I am not really experienced with procmail. This works for me
## but may be buggy, or even very buggy.

PMDIR=$HOME/Procmail
LOGFILE=$PMDIR/pmlog

# To insert a blank line between each message's log entry,
# uncomment next two lines (this is helpful for debugging)
LOG="
"
VERBOSE=yes

DATE=`date +%Y-%m-%d_%H_%M_%S`
TMP_RESP=$PMDIR/temp/response-$DATE

# Reply to sender of message to "autoreply"  stating that
# Include original message watch for user loops
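# The X-Loop value tested here must match the one formail adds below
:0 w
* [EMAIL PROTECTED]
* !^X-Loop: foo\.bar\.com
* !^FROM_DAEMON
{
        # Start a Redirection lock
        LOCKFILE = $PMDIR/redirect.lock

        # Build the reply headers, then append the canned redirect text
        :0 chw
        | formail -r -A"Precedence: junk" -A"X-Loop: foo.bar.com" -A"From: [EMAIL PROTECTED]"> $TMP_RESP; cat $HOME/.redirect.msg >> $TMP_RESP;

        # Append the To/Subject/From/Date headers and the body of the
        # original message, truncated to 512 lines
        :0 cw
        | formail -k -X"To:" -X"Subject:" -X"From:" -X"Date:"|head -512 >> $TMP_RESP

        # Discard the header copy and send the assembled response
        :0 hw
        | cat > /dev/null; /usr/sbin/sendmail -oi -t < $TMP_RESP

        # Release the lock
        LOCKFILE
}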


# On mails coming from the mail daemon, check if it
# is a failed reply to a previous redirect message
# Most spammers use invalid email addresses...
:0
* ^FROM_DAEMON
{
        # Check the body
        :0B
        * ^X-Loop: foo\.bar\.com
        * ^Precedence: junk
        * ^A copy of your original message is included below:
        /dev/null
}

# End of .procmail file


In case you cannot add a fake Unix user, ask your system admin to create an alias that redirects to your real email address. In your .procmailrc you can check whether the message is for you or for your autoreply alias. If it is for your autoreply alias, just reply as shown above.

In summary, the above technique should work provided that you can use
procmail and have an autoreply alias redirected to your real account.
There are redirection services which do just that. Thus, I think all
you need is procmail.

I am using the technique described here to send this message.

Using the autoresponder technique described here, one can remain
invisible to spammers while still being able to conduct legitimate
correspondence.

Your comments are welcome.


-- Ceki Gülcü

     For log4j documentation consider "The complete log4j manual"
     ISBN: 2970036908 http://www.qos.ch/shop/products/clm_t.jsp
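
The decision logic of the two procmail recipes in the message above, modelled in Python so the loop and bounce guards can be checked offline. This is an added example, not part of the original post and not the author's code; the alias address, the sample messages and the simplified FROM_DAEMON pattern are assumptions.

```python
import re

ALIAS = "autoreply@example.invalid"   # assumed placeholder for the redacted alias
LOOP_TAG = "foo.bar.com"              # X-Loop value stamped on every autoreply
# Simplified stand-in for procmail's FROM_DAEMON macro (assumption, not the full regex).
DAEMON = re.compile(r"^(From|Return-Path|Sender):.*(mailer-daemon|postmaster|<>)"
                    r"|^Precedence:.*(junk|bulk|list)", re.I | re.M)
# Lines a bounced autoreply carries in its body (the second recipe's :0B conditions).
BOUNCE_MARKS = (r"^X-Loop: foo\.bar\.com", r"^Precedence: junk",
                r"^A copy of your original message is included below:")

def decide(raw, loop_tag=LOOP_TAG):
    """Return 'autoreply', 'drop-bounce' or 'deliver' for one raw message."""
    head, _, body = raw.partition("\n\n")       # header/body split at first blank line
    to_alias = re.search(r"^(To|Cc):.*" + re.escape(ALIAS), head, re.I | re.M)
    looped = re.search(r"^X-Loop: " + re.escape(loop_tag), head, re.M)
    daemon = DAEMON.search(head)
    if to_alias and not looped and not daemon:
        return "autoreply"                      # first recipe fires
    if daemon and all(re.search(m, body, re.M) for m in BOUNCE_MARKS):
        return "drop-bounce"                    # our own reply came back undeliverable
    return "deliver"                            # falls through to normal delivery

def msg(headers, body):
    """Assemble a raw message from header lines and a body."""
    return "\n".join(headers) + "\n\n" + body

# Constructed sample messages (not taken from any real mailbox).
HUMAN = msg(["From: alice@example.org", f"To: {ALIAS}", "Subject: question"], "Hi\n")
ECHO = msg(["From: bot@example.net", f"To: {ALIAS}", f"X-Loop: {LOOP_TAG}"],
           "auto text\n")
BOUNCE = msg(["From: MAILER-DAEMON@mx.example.net", f"To: {ALIAS}"],
             "Undeliverable:\n\nX-Loop: foo.bar.com\nPrecedence: junk\n\n"
             "A copy of your original message is included below:\n")
OTHER_DSN = msg(["From: MAILER-DAEMON@mx.example.net", f"To: {ALIAS}"], "Mailbox full\n")

if __name__ == "__main__":
    for name in ("HUMAN", "ECHO", "BOUNCE", "OTHER_DSN"):
        print(name, "->", decide(globals()[name]))
    # A check that looks for a different tag than the one stamped never stops a loop.
    print("ECHO with mismatched tag ->", decide(ECHO, loop_tag="other.example"))
```

The last call shows that the X-Loop guard only holds when the value tested in the recipe is the same one formail adds to the reply.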


