subject:"\[Finale\] The ARCHIVE Password"

Re: [Finale] The ARCHIVE Password

2005-01-30 Thread dhbailey

Roger Julià Satorra wrote:
-- dhbailey[EMAIL PROTECTED] wrote:  

But now that your e-mail is out there on the marketed spam
lists, 
nothing any archive is going to do will change that.

That's provably true, but new members who haven't post yet and who don't
receive spam can post here and get infected by spam. Also, I'm sure that part
of the members who don't post is just for this reason. I think that I had just
posted one reply when I realized that it was public. From then I thought that
I wouldn't post here unless this policy of having the arcive open to
everybody changed. 

You show me someone, ANYone who has an e-mail address but who hasn't 
gotten any spam before joining this list (or any other list) and I'll 
show you someone with a non-functioning e-mail address!

Just read Christopher's post about his brand-new, never used, never 
publicized e-mail address, where the first messages he received were spam.

But you were happy to read the posts of others who were willing to risk 
the publication of their e-mail addresses?  Coy, very coy!  Take what 
you want in secrecy without being willing to share.  Nice, very nice.

--
David H. Bailey
[EMAIL PROTECTED]
___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-29 Thread Owain Sutton

OK, I concede that most of the algorithm-based CC's are to my junk 
account with Hotmail etc., where there's going to be a higher hit-rate 
for randomly generated addresses.

Simon Troup wrote:
That's odd, because when I see an email with a lot of addresses CC'd 
at my ISP, the addresses are all real addresses (I've checked by 
viewing the USR directory of my ISP's server). That shows that the 
addresses really *are* harvested, not made up by algorithm.

This is not to say that there aren't plenty such spammers using 
algorithmically created spam lists, just that harvesting is real.

It's *very* real.

I agree. If Owains theory was correct (that email addressed to simon.troup is random) I should also be getting some stuff addressed to [EMAIL PROTECTED] and [EMAIL PROTECTED] This is clearly not the case. I've got catch all email setup on my server, so I see every every message. 

There's next to no random stuff on there except when people try to spoof my address for sending spam and I get the message undeliverable notices.
___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-29 Thread Johannes Gebauer

Well, my account for mailing lists is [EMAIL PROTECTED], and 
most of the spam on that address is clearly addressed to exactly that 
address, which is not exactly a very common address, both before and 
after the @. Some spam is addressed to [EMAIL PROTECTED], but none is addressed 
to any random names (which I would receive as well). I am afraid I put 
the blame on the Finale archives. When I google for this address, all 
that shows up is a few results from the archive. Surprisingly few, (4) 
but it's enough to generate quite an amount of Spam.

As far as I know the Finale list archives have been obscuring email 
addresses for some time, but it seems it didn't always work. That's bad 
enough and for that reason I am happy that the archives are going to be 
private in the future.

Johannes
Owain Sutton wrote:
OK, I concede that most of the algorithm-based CC's are to my junk 
account with Hotmail etc., where there's going to be a higher hit-rate 
for randomly generated addresses.

Simon Troup wrote:
That's odd, because when I see an email with a lot of addresses CC'd 
at my ISP, the addresses are all real addresses (I've checked by 
viewing the USR directory of my ISP's server). That shows that the 
addresses really *are* harvested, not made up by algorithm.

This is not to say that there aren't plenty such spammers using 
algorithmically created spam lists, just that harvesting is real.

It's *very* real.

I agree. If Owains theory was correct (that email addressed to 
simon.troup is random) I should also be getting some stuff addressed 
to [EMAIL PROTECTED] and 
[EMAIL PROTECTED] This is clearly not the case. I've 
got catch all email setup on my server, so I see every every message.
There's next to no random stuff on there except when people try to 
spoof my address for sending spam and I get the message 
undeliverable notices.
___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale
--
http://www.musikmanufaktur.com
http://www.camerata-berolinensis.de
___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-29 Thread Johannes Gebauer

Just one more addition: If I enter lists-at-musikmanufaktur in google I 
get a lot of results, almost all of them from the Finale lists. Anyone 
should know that the spiders are intelligent enough to find lists at 
musikmanufaktur.com and translate it back into an email address (simple 
enough to find places that contain at and .com in the same line). 
That's precisely where most of my spam on that lists originates.

The only way such archives should be allowed public is by simply hiding 
email addresses completely.

Johannes
--
http://www.musikmanufaktur.com
http://www.camerata-berolinensis.de
___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-29 Thread Noel Stoutenburg

David W. Fenton wrote:
If that's the kind of obfuscation to be used, then the archive should 
not be public. If email addresses are obfuscated, they should be 
wholly obfuscated, and not available to either human or software 
viewers of the page.
 

to which I would observe that with the processor speed these days, it's 
probably trivial to harvest email addresses out of the body of the 
message, not only those which are not obfuscated, but those which have 
been self-obfuscated.  The heuristic for this would be simple:  find 
every instance of net, com, c.,  and take the characters immediately 
preceding, discard any spaces, convert any instances of dot to a 
period, check the string immediately preceding that against a list of 
known domains, and convert any instances of at before the domain to 
the @ sign, and consider the characters preceding that to be a user name. 

Personally in my view, the most expedient solution to Spam, virii, and 
worms, is to do as I have done:  next time you get a new computer, save 
the old one, remove everything from it except the OS, a browser, and 
internet related plug ins, and use only the Iomega network for 
transferring files from your internet machine to any other.  Also, learn 
to use the filtering capabilities of your browers, create your own spam 
traps.  Finally, regularly back up the email archives you wish to save. 

Then, in the worst case, your internet machine is infected with a virus, 
it becomes trivial to low-level format the HDD, reinstall the OS and 
plug-ins, and restore archives. 

If you really want to have your main machines connected to the internet, 
set up a local server, and put in two firewalls, one between the 
internet connection and your bread-and-butter machines, and one between 
the internet connectiona dn your ISP's server. 

ns
___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-29 Thread dhbailey

Simon Troup wrote:
I tire of this belief that all spam is from harvested emails. A good
proportion of the spam I receive (on several different accounts) is
also CCed to endless permutations of my surname - all it takes is a
list of first names, a list of surnames, a list of top level domains,
and software. Much easier than bothering to trawl the web.

Nearly all my spam is directed directly at that email address, please don't presume that I'm deluded in linking the two events.
But now that your e-mail is out there on the marketed spam lists,
nothing any archive is going to do will change that.

And it still remains to see how much spam is generated by spiders
trolling archives such as the ones as SHSU.

I've been using this address for over 2 years now (almost 3) on this
list and I receive perhaps 10 spams per day. I still have the old
e-mail address active (it's from my ISP) which was active on this list
for the past 4 years, and it gets about 5 spam e-mails a day.

So if we compare our two experiences, I would feel safe in claiming that
your spams are NOT coming as a result of your e-mail being posted in the
formerly-public archives at SHSU. Mine certainly hasn't been, and I
include mine in the signature of every e-mail I send to the list, so
it'll be in each archived message twice. And goodness knows I post
quite a lot to this list, so if anybody was a target of spam from spider
trolling, I would be a primary target.

--
David H. Bailey
[EMAIL PROTECTED]
___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-29 Thread Christopher Smith

On Jan 28, 2005, at 7:28 PM, Simon Troup wrote:
They'll hit on simon+troup fairly often.
Hi Owain,
I didn't mention google, a mail spider will connect to the first page 
of a site such as suse.com and spider the site from there, google 
probably has nothing to do with it as you suggest.

Only a very small proportion of mail I receive is the result of 
randomly generated names.

I enabled a new address a few months ago, but didn't use it, or even 
configure it, for a couple of weeks. The first time I entered all my 
information into Mail and went to check that it was operational, I had 
two pieces of spam waiting for me, dated one week previously and two 
weeks previously (remember that I hadn't given this email address to 
ANYONE yet!) I was a little taken aback, to say the least!

Christopher
___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-29 Thread Aaron Sherber

At 10:24 AM 01/29/2005, Noel Stoutenburg wrote:
leads me to the speculate a bit.  When you set up an email account, your
ID is placed in some table.  Now if a person, not necessarily associated
with your ISP knows the address of that table, and how to access it's
contents, it would be trivial to read the table on a routine basis, and
find out the new user names, and determine which are no longer in the table.
I'm not sure how this is done technically, but I know for a fact that there 
is a certain amount of spam delivered by a method similar to this.

For a couple of years, mail for sherber.com was handled by Everyone.net. At 
the beginning of January, I switched all hosting to a new hosting service. 
Even today, when there are presumably no MX records anywhere on the 
Internet linking sherber.com to Everyone.net, I am still receiving a 
trickle of spam in the box at Everyone.net (the account is still active 
there). The only way this could happen is if someone accesses the SMTP 
server at Everyone.net and gets a list of all accounts on the server (or 
marks a message for delivery to all existing accounts, or some such thing).

Aaron.
___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: Re: [Finale] The ARCHIVE Password

2005-01-29 Thread Roger Julià Satorra

-- dhbailey[EMAIL PROTECTED] wrote:  
 But now that your e-mail is out there on the marketed spam
 lists, 
 nothing any archive is going to do will change that.

That's provably true, but new members who haven't post yet and who don't
receive spam can post here and get infected by spam. Also, I'm sure that part
of the members who don't post is just for this reason. I think that I had just
posted one reply when I realized that it was public. From then I thought that
I wouldn't post here unless this policy of having the arcive open to
everybody changed. 

Roger
___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-29 Thread David W. Fenton

On 29 Jan 2005 at 5:29, Noel Stoutenburg wrote:

 David W. Fenton wrote:
 
 If that's the kind of obfuscation to be used, then the archive should
  not be public. If email addresses are obfuscated, they should be
 wholly obfuscated, and not available to either human or software
 viewers of the page.

 to which I would observe that with the processor speed these days,
 it's probably trivial to harvest email addresses out of the body of
 the message, not only those which are not obfuscated, but those which
 have been self-obfuscated. . . .

By obfuscated, I mean not readable or constructable from the data 
displayed on the page. The archive that I saw that was obfuscated 
when viewed but not when googled had this for the email addresses: 
[email address hidden].

No computer could get the email address from that.

Nor could a human being, and I don't mind that.

 . . . The heuristic for this would be simple: 
 find every instance of net, com, c.,  and take the characters
 immediately preceding, discard any spaces, convert any instances of
 dot to a period, check the string immediately preceding that against
 a list of known domains, and convert any instances of at before the
 domain to the @ sign, and consider the characters preceding that to be
 a user name. 

I don't know if anyone has tested whether spammers are harvesting 
human-obfuscated email addresses -- it could be done by the same 
methodology that was used in the spam trap test a year or so ago, 
where it was found that by far the largest amount of spam was 
harvested from email addresses found on web pages (something like 75% 
of it vs. a relatively minuscule amount for the next highest source, 
Usenet, which was something like 10%).

Somehow, I strongly doubt the spammers are being that clever. They 
are criminals, after all (in my opinion), and criminals are 
notoriously stupid people in general.

 Personally in my view, the most expedient solution to Spam, virii, and
 worms, is to do as I have done:  next time you get a new computer,
 save the old one, remove everything from it except the OS, a browser,
 and internet related plug ins, and use only the Iomega network for
 transferring files from your internet machine to any other.  Also,
 learn to use the filtering capabilities of your browers, create your
 own spam traps.  Finally, regularly back up the email archives you
 wish to save. 

I don't get viruses. And the only way I could get rid of spam 
(temporarily) is to change email addresses. None of your advice above 
really helps either of those issues at all.

 Then, in the worst case, your internet machine is infected with a
 virus, it becomes trivial to low-level format the HDD, reinstall the
 OS and plug-ins, and restore archives. 

Viruses and spam are two wholly separate issues. I haven't had a 
virus infection since about 1997 or so (back when boot sector viruses 
were the most common), but I've been getting lots of spam.

 If you really want to have your main machines connected to the
 internet, set up a local server, and put in two firewalls, one between
 the internet connection and your bread-and-butter machines, and one
 between the internet connectiona dn your ISP's server. 

No one should connect their PC directly to the Internet. A full-scale 
firewall is not entirely required. A NAT router prevents any incoming 
connections from getting to your computer (unless you explicitly 
redirect the ports involved), and a software firewall on the PC will 
allow you to control outgoing connections in ways that dedicated 
firewall boxes never allow at all (i.e., you can authorize outgoing 
connections by application, which can never be known by an external 
device).

-- 
David W. Fentonhttp://www.bway.net/~dfenton
David Fenton Associateshttp://www.bway.net/~dfassoc

___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-29 Thread David W. Fenton

On 29 Jan 2005 at 9:24, Noel Stoutenburg wrote:

 Christopher's report:
 
  I enabled a new address a few months ago, but didn't use it, or even
  configure it, for a couple of weeks. The first time I entered all my
  information into Mail and went to check that it was operational, I
  had two pieces of spam waiting for me, dated one week previously and
  two weeks previously (remember that I hadn't given this email
  address to ANYONE yet!) I was a little taken aback, to say the
  least! 
 
 leads me to the speculate a bit.  When you set up an email account,
 your ID is placed in some table.  Now if a person, not necessarily
 associated with your ISP knows the address of that table, and how to
 access it's contents, it would be trivial to read the table on a
 routine basis, and find out the new user names, and determine which
 are no longer in the table.

The only place that an email address is kept is in the configuration 
data for an ISP. By default, those files should be inaccessible to 
outsiders.

It would depend on the email username Christopher set up, but my 
guess is that the source is either an algorithmic crack (using common 
email usernames) or the address was actually published somewhere, 
like in a WHOIS listing.

I set up dfenton.com in early December and set up a half dozen or so 
email addresses. I have yet to receive a single piece of spam. I 
certainly see a number of machines connecting to the site (even 
though it's never been publicized anywhere), but I assume those 
somehow got their information from WHOIS and that most are attempted 
exploits of Windows-based web servers running the execrable IIS 
(which my host is not -- Apache all the way!).

I have only one address on my domain protected by challenge/response, 
the address I most want to protect from spam (and which I'm never 
going to use publicly). That address could be algorithmicly 
constructed from my domain name, and that's why I have locked it up 
and intend not to use it.

I don't think Christopher's case is one of the ISP's records being 
compromised. I think it's more likely that the ISP provided the 
address to someone who published it in a manner that allowed it to be 
harvested by a spammer. That's why I'm glad my ISP knows nothing 
about the email addresses I'm setting up on my domain.

-- 
David W. Fentonhttp://www.bway.net/~dfenton
David Fenton Associateshttp://www.bway.net/~dfassoc

___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-29 Thread David W. Fenton

On 29 Jan 2005 at 10:37, Aaron Sherber wrote:

 At 10:24 AM 01/29/2005, Noel Stoutenburg wrote:
  leads me to the speculate a bit.  When you set up an email account,
  your ID is placed in some table.  Now if a person, not necessarily
  associated with your ISP knows the address of that table, and how to
  access it's contents, it would be trivial to read the table on a
  routine basis, and find out the new user names, and determine which
  are no longer in the table. 
 
 I'm not sure how this is done technically, but I know for a fact that
 there is a certain amount of spam delivered by a method similar to
 this.
 
 For a couple of years, mail for sherber.com was handled by
 Everyone.net. At the beginning of January, I switched all hosting to a
 new hosting service. Even today, when there are presumably no MX
 records anywhere on the Internet linking sherber.com to Everyone.net,
 I am still receiving a trickle of spam in the box at Everyone.net (the
 account is still active there). The only way this could happen is if
 someone accesses the SMTP server at Everyone.net and gets a list of
 all accounts on the server (or marks a message for delivery to all
 existing accounts, or some such thing).

Eh? If the account existed and was on spammers' lists before you shut 
down the Everyone.net hosting, then it's just leftover and coming 
through just because the account is still active (or you have crazily 
set up a catch-all, which is useless in the age of spam, in my 
opinion). If you shut down the Everyone.net host entirely, the 
spammers would still be sending to those email addresses, they just 
wouldn't go anywhere.

-- 
David W. Fentonhttp://www.bway.net/~dfenton
David Fenton Associateshttp://www.bway.net/~dfassoc

___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-29 Thread Owain Sutton


David W. Fenton wrote:
No one should connect their PC directly to the Internet. A full-scale 
firewall is not entirely required. A NAT router prevents any incoming 
connections from getting to your computer (unless you explicitly 
redirect the ports involved), and a software firewall on the PC will 
allow you to control outgoing connections in ways that dedicated 
firewall boxes never allow at all (i.e., you can authorize outgoing 
connections by application, which can never be known by an external 
device).

Unless there's some incentive for ISPs to provide expensive routers 
(instead of cheap USB ADSL modems), this won't happen.  And most people 
don't understand that there's a big risk through poor security - the 
tiny minority who get stung by dialers or by phishing or whatever are 
enough to pay the wages of all the criminals involved.  We 'happy many' 
just get stuck with endless spam that's eventually going to pick out 
those hapless individuals.
___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-29 Thread Aaron Sherber

At 07:53 PM 01/29/2005, David W. Fenton wrote:
Eh? If the account existed and was on spammers' lists before you shut
down the Everyone.net hosting, then it's just leftover and coming
through just because the account is still active (or you have crazily
set up a catch-all, which is useless in the age of spam, in my
opinion). If you shut down the Everyone.net host entirely, the
spammers would still be sending to those email addresses, they just
wouldn't go anywhere.
My email address is the same as it was (now I'm reluctant to even mention 
it, but it's in the header of this email g). A month ago, I changed the 
MX records for sherber.com from Everyone.net to a different hosting 
service. DNS takes two or three days to propagate, but surely after 4 weeks 
there can't be any DNS records still pointing to Everyone.net.

The sherber.com *account* still exists at Everyone.net, since I just 
haven't gotten around to cancelling, and so I can still log in to webmail 
there -- and when I do there are a few new spam messages each day. Since 
any legitimately sent email would pick up the new MX record and wind up at 
my new host, I conclude that the only way spam winds up in the Everyone.net 
box is by hacking the Everyone.net SMTP server. But I'm willing to listen 
to other explanations.

Aaron.
___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-29 Thread David W. Fenton

On 29 Jan 2005 at 20:09, Aaron Sherber wrote:

 At 07:53 PM 01/29/2005, David W. Fenton wrote:
  Eh? If the account existed and was on spammers' lists before you
  shut down the Everyone.net hosting, then it's just leftover and
  coming through just because the account is still active (or you have
  crazily set up a catch-all, which is useless in the age of spam, in
  my opinion). If you shut down the Everyone.net host entirely, the
  spammers would still be sending to those email addresses, they just
  wouldn't go anywhere.
 
 My email address is the same as it was (now I'm reluctant to even
 mention it, but it's in the header of this email g). A month ago, I
 changed the MX records for sherber.com from Everyone.net to a
 different hosting service. DNS takes two or three days to propagate,
 but surely after 4 weeks there can't be any DNS records still pointing
 to Everyone.net.
 
 The sherber.com *account* still exists at Everyone.net, since I just
 haven't gotten around to cancelling, and so I can still log in to
 webmail there -- and when I do there are a few new spam messages each
 day. Since any legitimately sent email would pick up the new MX record
 and wind up at my new host, I conclude that the only way spam winds up
 in the Everyone.net box is by hacking the Everyone.net SMTP server.
 But I'm willing to listen to other explanations.

I strongly doubt that's a valid explanation.

Much more likely is that the spammers are using an SMTP program that 
caches the DNS information for too long.

I think too many people are willing to scream HACKERS! instead of 
thinking about valid explanations that don't involve nefarious 
activity.

-- 
David W. Fentonhttp://www.bway.net/~dfenton
David Fenton Associateshttp://www.bway.net/~dfassoc

___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-29 Thread Aaron Sherber

At 08:34 PM 01/29/2005, David W. Fenton wrote:
I strongly doubt that's a valid explanation.

Much more likely is that the spammers are using an SMTP program that
caches the DNS information for too long.
Yes, that's also possible. A random sampling of the headers of these emails 
shows that the first Received header is from the originating machine and by 
the Everyone.net SMTP server; most legitimate email I get has a first 
Received header from the originating machine and by *their* SMTP server (or 
their ISP's SMTP server). I assumed this meant that they were somehow 
getting information directly from Everyone.net, but I suppose they could 
just have their own very outdated DNS info and are sending things direct to 
target SMTP servers.

Aaron.
___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-28 Thread Mark D Lew

On Jan 27, 2005, at 2:21 AM, d. collins wrote:
For what it's worth, I guess my preference would be that the Finale 
List archives remain google-able, but it's only a slight preference.
It's not something that I care about enough to lobby for.
Why Google, since it's possible to have searchable archives without 
making them public?
Well, I suppose the answer to your question is that I like the idea of 
them being public.  In general, I think sharing of information is a 
good thing, and Google is a better way of sharing with everyone.  As 
for privacy, I don't think of this list as being private at all; I 
think of it as public.  That is probably due to my extensive experience 
with the Usenet and various Web-based forums, where everything is 
surely very public.

But as I said before, it's not something I'm lobbying for.  I'm happy 
for the Finale archives to be stored or not stored however the 
community as a whole prefers.

mdl
___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-28 Thread A-NO-NE Music

Mark D Lew / 05.1.28 / 05:01 AM wrote:

As 
for privacy, I don't think of this list as being private at all; I 
think of it as public.


That's not the point.
I just ran Google with your email address (not name but address), and
there you are so many hits.  You don't mind this?  I do.


-- 

- Hiro

Hiroaki Honshuku, A-NO-NE Music, Boston, MA
http://a-no-ne.com http://anonemusic.com


___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-28 Thread Mark D Lew

On Jan 28, 2005, at 8:22 AM, A-NO-NE Music wrote:
That's not the point.
I just ran Google with your email address (not name but address), and
there you are so many hits.  You don't mind this?  I do.
Not really.  It bothers me much more that every time I go to an 
airport, bank, shopping mall, convenience store, etc, pictures are 
taken of me.  But that's life in the modern world.

mdl
___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-28 Thread Mariposa Symphony Orchestra




I'm becoming more and more ambivalentin 
the offense battle against spam, which it appears we're losing on a 
monumental scale. My personal approach has been to pragmatically 
shift from endorsing the capture and painful execution of the perps (!)to 
basically creating a firewall with as much impermeability as 
possible. My preference would be tokeep the archives fully, 
easily and if necessary publicly searchable; besides -- apropos the info 
gathering now prevalent in the world: anyone hypothetically taking my pictures 
deserves thepunishment of having to view them...

Best, 

Les

Les MarsdenFounding Music Director and Conductor, The Mariposa 
Symphony OrchestraMusic and Mariposa? Ah, Paradise!!!

http://arts-mariposa.org/symphony.htmlhttp://www.sierratel.com/mcf/nprc/mso.htm

  - Original Message - 
  From: 
  Johannes Gebauer 
  To: finale@shsu.edu 
  Sent: Friday, January 28, 2005 11:52 
  AM
  Subject: Re: [Finale] The ARCHIVE 
  Password
  I sort of agree with both of you. I wouldn't mind the Finale 
  list being public and searchable, were it not for the Spam this has 
  generated in the past. I am also much more bothered by the constant data 
  that is being gathered about me - photos are probably the least important 
  of that data.JohannesMark D Lew wrote: On Jan 28, 
  2005, at 8:22 AM, A-NO-NE Music wrote:  That's not the 
  point. I just ran Google with your email address (not name but 
  address), and there you are so many hits. You don't mind 
  this? I do.   Not really. It bothers me 
  much more that every time I go to an airport,  bank, shopping mall, 
  convenience store, etc, pictures are taken of me.  But that's 
  life in the modern world.
___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-28 Thread Brad Beyenhof

On Fri, 28 Jan 2005 21:14:04 +0100, d. collins [EMAIL PROTECTED] wrote:
 Owain Sutton écrit:
 
 If you feel this way about privacy, you shouldn't be sending messages
 through mailing lists such as this - sending messages to an unknown number
 of recipients and then complaining that your address is identifiable is
 illogical.
 
 No it isn't, since there's no reason it has to be this way. I'm subscribed
 to about a dozen mailing lists, none of which make their archives public
 (i.e. have them indexed by Google). Many of them have nevertheless
 searchable archives. On what grounds can you say that a mailing list has to
 be what you would like it to be? The very idea of a mailing list is based
 on the notion of subscription and membership. If you want to participate -
 by posting, reading, searching the archives - you subscribe. If you don't,
 you go elsewhere (Usenet, or whatever) to find what you're looking for.

I think what he's saying is that every message you send to the list,
as well as your email address, can been seen by anybody who sets up a
free (automated and unrestricted) subscription to the Finale list.

A list I subscribe to requires you to answer a few questions from the
moderator before you can be added to the subscribers list. This keeps
unauthorized visitors out (especially since it's the official list of
a professional society), but the Finale list does no such thing.
Anybody can email the mailman robot and get automatically added, no
matter who they are. You have no idea who has done that, so in effect
you are sending messages to an unknown number of recipients.

-- 
Brad Beyenhof
[EMAIL PROTECTED]
my blog: http://augmentedfourth.blogspot.com
FinaleIRC (come chat!): http://finaleirc.com

___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-28 Thread dhbailey

Owain Sutton wrote:

Mark D Lew wrote:
On Jan 28, 2005, at 8:22 AM, A-NO-NE Music wrote:
That's not the point.
I just ran Google with your email address (not name but address), and
there you are so many hits.  You don't mind this?  I do.

Not really.  It bothers me much more that every time I go to an 
airport, bank, shopping mall, convenience store, etc, pictures are 
taken of me.  But that's life in the modern world.


It doesn't bother me, either.  If you feel this way about privacy, you 
shouldn't be sending messages through mailing lists such as this - 
sending messages to an unknown number of recipients and then complaining 
that your address is identifiable is illogical.
Especially since there isn't any proof of identity or actual interest in 
Finale content for anybody who joins this list.  Any of us could simply 
be e-mail cullers -- there is a huge number of lurkers who never post. 
Who has any idea how many of them are simply here to watch you?

--
David H. Bailey
[EMAIL PROTECTED]
___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-28 Thread Simon Troup

I'd just like to chip in that if you do a search for [EMAIL PROTECTED] you get 
a bunch of hits from mailing lists such as PHP and Suse Linux - I didn't 
realise that those lists published their archives WITH email addresses to the 
web. 

That scenario is clearly stupid and should be avoided at all costs. I now get 
400+ emails a day, only about 20 of the legitimate, the rest is spam.

The very least that mailing lists should do is to withold email addresses, or 
make them so that email spiders cannot retrieve them. Leaving unencrypted email 
address in archives is completely irresponsible.
-- 
Simon Troup
Digital Music Art

-
Finale IRC channel
server: irc.chatspike.net
port: 6667
channel: #Finale
-

___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-28 Thread Owain Sutton


Simon Troup wrote:
I'd just like to chip in that if you do a search for [EMAIL PROTECTED] you get a bunch of hits from mailing lists such as PHP and Suse Linux - I didn't realise that those lists published their archives WITH email addresses to the web. 

That scenario is clearly stupid and should be avoided at all costs. I now get 
400+ emails a day, only about 20 of the legitimate, the rest is spam.
The very least that mailing lists should do is to withold email addresses, or make them so that email spiders cannot retrieve them. Leaving unencrypted email address in archives is completely irresponsible.
I tire of this belief that all spam is from harvested emails.  A good 
proportion of the spam I receive (on several different accounts) is also 
CCed to endless permutations of my surname - all it takes is a list of 
first names, a list of surnames, a list of top level domains, and 
software.  Much easier than bothering to trawl the web.
___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-28 Thread Simon Troup

 I tire of this belief that all spam is from harvested emails.  A good
 proportion of the spam I receive (on several different accounts) is
 also CCed to endless permutations of my surname - all it takes is a
 list of first names, a list of surnames, a list of top level domains,
 and software.  Much easier than bothering to trawl the web.

Nearly all my spam is directed directly at that email address, please don't 
presume that I'm deluded in linking the two events.
-- 
Simon Troup
Digital Music Art

-
Finale IRC channel
server: irc.chatspike.net
port: 6667
channel: #Finale
-

___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-28 Thread Owain Sutton


Simon Troup wrote:
I tire of this belief that all spam is from harvested emails.  A good
proportion of the spam I receive (on several different accounts) is
also CCed to endless permutations of my surname - all it takes is a
list of first names, a list of surnames, a list of top level domains,
and software.  Much easier than bothering to trawl the web.

Nearly all my spam is directed directly at that email address, please don't presume that I'm deluded in linking the two events.

Assuming you're talking about the digitalmusicart.com address, you're on 
te very low end of Google results.  Just because spam is directed at a 
particular address doesn't prove that it's the result of publicity for 
that address.  As I've already mentioned, I get endless spam which is 
clearly targetting every permutation of first and surnames for a given 
TLD.  They'll hit on simon+troup fairly often.
___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-28 Thread David W. Fenton

On 28 Jan 2005 at 2:01, Mark D Lew wrote:

 On Jan 27, 2005, at 2:21 AM, d. collins wrote:
 
  For what it's worth, I guess my preference would be that the Finale
  List archives remain google-able, but it's only a slight
  preference. It's not something that I care about enough to lobby
  for.
 
  Why Google, since it's possible to have searchable archives without
  making them public?
 
 Well, I suppose the answer to your question is that I like the idea of
 them being public.  In general, I think sharing of information is a
 good thing, and Google is a better way of sharing with everyone.  As
 for privacy, I don't think of this list as being private at all; I
 think of it as public.  That is probably due to my extensive
 experience with the Usenet and various Web-based forums, where
 everything is surely very public.

I really agree with all of that. My only request of a public archive 
is that email addresses should be obfuscated so that spammers can't 
harvest them. If that can't be done, then no archive should be 
public.

 But as I said before, it's not something I'm lobbying for.  I'm happy
 for the Finale archives to be stored or not stored however the
 community as a whole prefers.

I've barely ever used the archives, as I don't find the information 
in them to be helpful -- it's usually too dated, or the discussions 
too convoluted to follow after the fact.

-- 
David W. Fentonhttp://www.bway.net/~dfenton
David Fenton Associateshttp://www.bway.net/~dfassoc

___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-28 Thread Simon Troup

 I really agree with all of that. My only request of a public archive 
 is that email addresses should be obfuscated so that spammers can't 
 harvest them. If that can't be done, then no archive should be 
 public.

I whole heartedly agree with that statement.
-- 
Simon Troup
Digital Music Art

-
Finale IRC channel
server: irc.chatspike.net
port: 6667
channel: #Finale
-

___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-28 Thread David W. Fenton

On 28 Jan 2005 at 23:36, Simon Troup wrote:

 I'd just like to chip in that if you do a search for
 [EMAIL PROTECTED] you get a bunch of hits from mailing
 lists such as PHP and Suse Linux - I didn't realise that those lists
 published their archives WITH email addresses to the web. 

Because of this discussion I googled my email address and what I 
discovered was that my email address is listed in archives that show 
up in Google, but when you open the page, the email address is 
obscured! For some reason, Google's web-crawling spider gets the real 
address, but the actual web page does not.

That looks like a huge error in design on the part of the people 
running the archive -- why obfuscate something that the most widely 
used automated spider can see? Does that mean that any spider, 
including a spammer's email harvesting bot can see the addresses, 
too?

If that's the kind of obfuscation to be used, then the archive should 
not be public. If email addresses are obfuscated, they should be 
wholly obfuscated, and not available to either human or software 
viewers of the page.

-- 
David W. Fentonhttp://www.bway.net/~dfenton
David Fenton Associateshttp://www.bway.net/~dfassoc

___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-28 Thread David W. Fenton

On 28 Jan 2005 at 23:50, Owain Sutton wrote:
 I tire of this belief that all spam is from harvested emails.  A good
 proportion of the spam I receive (on several different accounts) is
 also CCed to endless permutations of my surname - all it takes is a
 list of first names, a list of surnames, a list of top level domains,
 and software.  Much easier than bothering to trawl the web.

That's odd, because when I see an email with a lot of addresses CC'd 
at my ISP, the addresses are all real addresses (I've checked by 
viewing the USR directory of my ISP's server). That shows that the 
addresses really *are* harvested, not made up by algorithm.

This is not to say that there aren't plenty such spammers using 
algorithmically created spam lists, just that harvesting is real.

It's *very* real.

-- 
David W. Fentonhttp://www.bway.net/~dfenton
David Fenton Associateshttp://www.bway.net/~dfassoc

___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-28 Thread Simon Troup

 That's odd, because when I see an email with a lot of addresses CC'd 
 at my ISP, the addresses are all real addresses (I've checked by 
 viewing the USR directory of my ISP's server). That shows that the 
 addresses really *are* harvested, not made up by algorithm.
 
 This is not to say that there aren't plenty such spammers using 
 algorithmically created spam lists, just that harvesting is real.
 
 It's *very* real.

I agree. If Owains theory was correct (that email addressed to simon.troup is 
random) I should also be getting some stuff addressed to [EMAIL PROTECTED] and 
[EMAIL PROTECTED] This is clearly not the case. I've got catch all email setup 
on my server, so I see every every message. 

There's next to no random stuff on there except when people try to spoof my 
address for sending spam and I get the message undeliverable notices.
-- 
Simon Troup
Digital Music Art

-
Finale IRC channel
server: irc.chatspike.net
port: 6667
channel: #Finale
-

___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-27 Thread Brad Beyenhof

On Thu, 27 Jan 2005 11:21:16 +0100, d. collins [EMAIL PROTECTED] wrote:
 Mark D Lew écrit:

 For what it's worth, I guess my preference would be that the Finale List
 archives remain google-able, but it's only a slight preference.
 It's not something that I care about enough to lobby for.
 
 Why Google, since it's possible to have searchable archives without making
 them public?

It doesn't necessarily have to be Google-indexed, just searchable in
some form or fashion. If the list server at SHSU would implement
mailman2 (as Hiro described), there would be no issue here.

By the way, I applaud Henry for setting password protection on the
archives. Don't get me wrong; I'm glad my personal information and
list communication are now private. However, for the archive to be
truly functional it will need to be searchable. Up until now, that
function was performed by Google; now, something else must be devised.

-- 
Brad Beyenhof
[EMAIL PROTECTED]
my blog: http://augmentedfourth.blogspot.com
my public bookmarks: http://del.icio.us/bbeyenhof

___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

[Finale] The ARCHIVE Password

2005-01-26 Thread Henry Howey

Title: The ARCHIVE Password


In response to requests made on and off list, I converted the
archives to a members-only status.

The upshot is that you now need a password to access them. You
were sent a password when you signed up for the list. It will be
re-set and re-sent to you if you will go to the italicized section at
the bottom of the page:

Finale
Subscribers
(The
subscribers list is only available to the list members.)

Enter your address and password to visit the subscribers list:

Address: Password: Visit Subscriber List

To
unsubscribe from Finale, get a password reminder, or change your
subscription options enter your subscription email
address:
Unsubscribe or edit
options If you leave the field blank, you will be prompted
for your email address



The address to do this is:

http://lists.shsu.edu/mailman/listinfo/finale
-- 

Henry Howey, D.M.A. 
Professor of Music 
Sam Houston State University
Box 2208
Huntsville, TX 77341

(936) 294-1364
http://www.shsu.edu/~music/faculty/howey.html
Owner of FINALE Discussion List





___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-26 Thread Brad Beyenhof

On Wed, 26 Jan 2005 11:16:15 -0600, Henry Howey [EMAIL PROTECTED] wrote:
  
 In response to requests made on and off list, I converted the archives to a
 members-only status. 
 
 The upshot is that you now need a password to access them. You were sent a
 password when you signed up for the list. It will be re-set and re-sent to
 you if you will go to the italicized section at the bottom of the page: 

Will there be a provision made for searching the archives? I have
nothing against password-protecting the archives, but since they're
not public anymore they won't be indexed by Google. I've had great
luck in the past finding answers by using Google to search the
archives, and I'll greatly miss this ability if no searching facility
is added into the mailman/pipermail interface.

-- 
Brad Beyenhof
[EMAIL PROTECTED]
my blog: http://augmentedfourth.blogspot.com
my public bookmarks: http://del.icio.us/bbeyenhof
___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-26 Thread Aaron Sherber

At 12:46 PM 01/26/2005, Brad Beyenhof wrote:
archives, and I'll greatly miss this ability if no searching facility
is added into the mailman/pipermail interface.
I couldn't agree more. There's no point to the archives if they're not 
searchable.

Aaron.
___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-26 Thread Johannes Gebauer

I whole-heartedly agree with everything you said.
Thanks, Henry!
Johannes
d. collins wrote:
Many mailing lists have searchable archives without these archives being 
open to the public and to Google. I'm not against searchable archives, 
on the contrary, but I'm against having all our exchanges indexed by 
Google. I realize of course it's not up to me to decide. But I find this 
constant tracking and publishing of all our words terrifying, and a bit 
too big-brotheresque to my taste. Not to mention the amount of spam it 
generates.

So I take the opportunity to thank Henry for this change.
Dennis

___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale
--
http://www.musikmanufaktur.com
http://www.camerata-berolinensis.de
___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-26 Thread A-NO-NE Music

Aaron Sherber / 05.1.26 / 01:58 PM wrote:

I couldn't agree more. There's no point to the archives if they're not 
searchable.


Well, I don't want to put any pressure to the admin, but Mailman2 does
give you search API on the archive interface.  It's not a built-in option
so you need Python.  I couldn't do it myself so I asked someone to do it
for Mobile I/O user list I admin.



-- 

- Hiro

Hiroaki Honshuku, A-NO-NE Music, Boston, MA
http://a-no-ne.com http://anonemusic.com


___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

Re: [Finale] The ARCHIVE Password

2005-01-26 Thread Mark D Lew

On Jan 26, 2005, at 12:07 PM, d. collins wrote:
Many mailing lists have searchable archives without these archives 
being open to the public and to Google. I'm not against searchable 
archives, on the contrary, but I'm against having all our exchanges 
indexed by Google. I realize of course it's not up to me to decide. 
But I find this constant tracking and publishing of all our words 
terrifying, and a bit too big-brotheresque to my taste. Not to mention 
the amount of spam it generates.
I gather you don't spend much time on the Usenet then?  To me, having 
all our messages on file archived and tallied somewhere just seems 
normal, whether I like it or not.

For what it's worth, I guess my preference would be that the Finale 
List archives remain google-able, but it's only a slight preference.  
It's not something that I care about enough to lobby for.

mdl
___
Finale mailing list
Finale@shsu.edu
http://lists.shsu.edu/mailman/listinfo/finale

38 matches

Mail list logo