On Tuesday, August 26, 2003, at 04:51 PM, Heath Raftery wrote:
I have a user who is on a campaign to remove his email address from any web site.
good for him. he's figured it out...
However, I did point out that the archives are still downloadable in raw mbox format, complete with email addresses.
If you can get to an e-mail address in any format without a password, so can a spambot, and they will. and do.
I suspect that before long they will parse not just @ but also resolve 'at' with any combination of spaces either side.
slashdot has already proven that any attempt to obfuscate e-mail addresses programmatically can/will be de-obfuscated by the spammers once its worth their time. Remember, they don't have to de-program all of your obfuscations. they're patient. They can wait until they get your e-mail address re-arranged in a way they do understand how to unravel.
A good example of this that comes to my mind, is the way eBay handles communication between bidder and seller. Any ideas about the possibility of something like this in Mailman?
I think we're headed in that direction, for better and worse. I also think we're headed towards other changes in e-mail to allow users to control how their address is used. the best (IMHO) way to handle this is some form of addressing that allows a user's address to be usable for, say, a week. After that, if you attempt to use the address, you drop into challenge/response/whitelisting. Having a list server take responsibility for forwarding email is also likely useful, but it creates problems for sites where they don't control the entire domain -- you're effectively requiring the list server to live on a sub-domain and own all email to that sub-domain to do that properly.
I am (slowly, slowly) working on a new archiving scheme that won't disclose sensitive user data. Until that happens, my archives are locked behind security realms. That doesn't protect them completely, but the spambots don't seem to need to break that lock yet, not when so many other lists are available in google...
------------------------------------------------------ Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
This message was sent to: [EMAIL PROTECTED] Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
