On Wed, 28 Feb 2001 08:16:29 +0100
David Sharp <[EMAIL PROTECTED]> wrote:
> However in the nature of things, I assume it's probably very
> difficult for anyone to ever prove that someone has stolen or sold
> a membership list.
This is actually rather easy to "prove" should one care to make the
effort early enough. Many people I know use Postfix/QMail-style
plus addressing for all their list subscriptions. Thus, for
instance, they'll be subscribed to this list as:
[EMAIL PROTECTED]
and to the svlug list as:
[EMAIL PROTECTED]
and to the foobar list as:
[EMAIL PROTECTED]
Thusly they have unique addresses for every list they subscribe to.
The MTA handles it all transparently, requiring no per-list
configuration, and you can do nice things at the LDA level for
filtering.
Of course this also means that they can track what addresses get
spam, and thereby, to a high degree of certainty, by what vectors a
given spammer obtained their address. Subscribe a sleeper address
to the same list (ie set to NOMAIL or one which never posts), and
you can use that address as the alarm to detect subscriber list
transfers,
> Most people already receive so much spam that it's probably
> difficult to point to some new message or messages and say "Ah -
> I'm getting that because I signed up to such-and-such a mailing
> list!"
With the above, which is fairly trivial to set up, and is something
that several ISPs are offering as an added service, its quite easy.
> And even if they did detect such a change, I imagine it would be
> very difficult to prove in a court of law what the precise cause
> was.
<shrug>
--
J C Lawrence [EMAIL PROTECTED]
---------(*) http://www.kanga.nu/~claw/
--=| A man is as sane as he is dangerous to his environment |=--
