Re: [Finale] The ARCHIVE Password
Roger Julià Satorra wrote: -- dhbailey[EMAIL PROTECTED] wrote: But now that your e-mail is out there on the marketed spam lists, nothing any archive is going to do will change that. That's provably true, but new members who haven't post yet and who don't receive spam can post here and get infected by spam. Also, I'm sure that part of the members who don't post is just for this reason. I think that I had just posted one reply when I realized that it was public. From then I thought that I wouldn't post here unless this policy of having the arcive open to everybody changed. You show me someone, ANYone who has an e-mail address but who hasn't gotten any spam before joining this list (or any other list) and I'll show you someone with a non-functioning e-mail address! Just read Christopher's post about his brand-new, never used, never publicized e-mail address, where the first messages he received were spam. But you were happy to read the posts of others who were willing to risk the publication of their e-mail addresses? Coy, very coy! Take what you want in secrecy without being willing to share. Nice, very nice. -- David H. Bailey [EMAIL PROTECTED] ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
OK, I concede that most of the algorithm-based CC's are to my junk account with Hotmail etc., where there's going to be a higher hit-rate for randomly generated addresses. Simon Troup wrote: That's odd, because when I see an email with a lot of addresses CC'd at my ISP, the addresses are all real addresses (I've checked by viewing the USR directory of my ISP's server). That shows that the addresses really *are* harvested, not made up by algorithm. This is not to say that there aren't plenty such spammers using algorithmically created spam lists, just that harvesting is real. It's *very* real. I agree. If Owains theory was correct (that email addressed to simon.troup is random) I should also be getting some stuff addressed to [EMAIL PROTECTED] and [EMAIL PROTECTED] This is clearly not the case. I've got catch all email setup on my server, so I see every every message. There's next to no random stuff on there except when people try to spoof my address for sending spam and I get the message undeliverable notices. ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
Well, my account for mailing lists is [EMAIL PROTECTED], and most of the spam on that address is clearly addressed to exactly that address, which is not exactly a very common address, both before and after the @. Some spam is addressed to [EMAIL PROTECTED], but none is addressed to any random names (which I would receive as well). I am afraid I put the blame on the Finale archives. When I google for this address, all that shows up is a few results from the archive. Surprisingly few, (4) but it's enough to generate quite an amount of Spam. As far as I know the Finale list archives have been obscuring email addresses for some time, but it seems it didn't always work. That's bad enough and for that reason I am happy that the archives are going to be private in the future. Johannes Owain Sutton wrote: OK, I concede that most of the algorithm-based CC's are to my junk account with Hotmail etc., where there's going to be a higher hit-rate for randomly generated addresses. Simon Troup wrote: That's odd, because when I see an email with a lot of addresses CC'd at my ISP, the addresses are all real addresses (I've checked by viewing the USR directory of my ISP's server). That shows that the addresses really *are* harvested, not made up by algorithm. This is not to say that there aren't plenty such spammers using algorithmically created spam lists, just that harvesting is real. It's *very* real. I agree. If Owains theory was correct (that email addressed to simon.troup is random) I should also be getting some stuff addressed to [EMAIL PROTECTED] and [EMAIL PROTECTED] This is clearly not the case. I've got catch all email setup on my server, so I see every every message. There's next to no random stuff on there except when people try to spoof my address for sending spam and I get the message undeliverable notices. ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale -- http://www.musikmanufaktur.com http://www.camerata-berolinensis.de ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
Just one more addition: If I enter lists-at-musikmanufaktur in google I get a lot of results, almost all of them from the Finale lists. Anyone should know that the spiders are intelligent enough to find lists at musikmanufaktur.com and translate it back into an email address (simple enough to find places that contain at and .com in the same line). That's precisely where most of my spam on that lists originates. The only way such archives should be allowed public is by simply hiding email addresses completely. Johannes -- http://www.musikmanufaktur.com http://www.camerata-berolinensis.de ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
David W. Fenton wrote: If that's the kind of obfuscation to be used, then the archive should not be public. If email addresses are obfuscated, they should be wholly obfuscated, and not available to either human or software viewers of the page. to which I would observe that with the processor speed these days, it's probably trivial to harvest email addresses out of the body of the message, not only those which are not obfuscated, but those which have been self-obfuscated. The heuristic for this would be simple: find every instance of net, com, c., and take the characters immediately preceding, discard any spaces, convert any instances of dot to a period, check the string immediately preceding that against a list of known domains, and convert any instances of at before the domain to the @ sign, and consider the characters preceding that to be a user name. Personally in my view, the most expedient solution to Spam, virii, and worms, is to do as I have done: next time you get a new computer, save the old one, remove everything from it except the OS, a browser, and internet related plug ins, and use only the Iomega network for transferring files from your internet machine to any other. Also, learn to use the filtering capabilities of your browers, create your own spam traps. Finally, regularly back up the email archives you wish to save. Then, in the worst case, your internet machine is infected with a virus, it becomes trivial to low-level format the HDD, reinstall the OS and plug-ins, and restore archives. If you really want to have your main machines connected to the internet, set up a local server, and put in two firewalls, one between the internet connection and your bread-and-butter machines, and one between the internet connectiona dn your ISP's server. ns ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
Simon Troup wrote: I tire of this belief that all spam is from harvested emails. A good proportion of the spam I receive (on several different accounts) is also CCed to endless permutations of my surname - all it takes is a list of first names, a list of surnames, a list of top level domains, and software. Much easier than bothering to trawl the web. Nearly all my spam is directed directly at that email address, please don't presume that I'm deluded in linking the two events. But now that your e-mail is out there on the marketed spam lists, nothing any archive is going to do will change that. And it still remains to see how much spam is generated by spiders trolling archives such as the ones as SHSU. I've been using this address for over 2 years now (almost 3) on this list and I receive perhaps 10 spams per day. I still have the old e-mail address active (it's from my ISP) which was active on this list for the past 4 years, and it gets about 5 spam e-mails a day. So if we compare our two experiences, I would feel safe in claiming that your spams are NOT coming as a result of your e-mail being posted in the formerly-public archives at SHSU. Mine certainly hasn't been, and I include mine in the signature of every e-mail I send to the list, so it'll be in each archived message twice. And goodness knows I post quite a lot to this list, so if anybody was a target of spam from spider trolling, I would be a primary target. -- David H. Bailey [EMAIL PROTECTED] ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
On Jan 28, 2005, at 7:28 PM, Simon Troup wrote: They'll hit on simon+troup fairly often. Hi Owain, I didn't mention google, a mail spider will connect to the first page of a site such as suse.com and spider the site from there, google probably has nothing to do with it as you suggest. Only a very small proportion of mail I receive is the result of randomly generated names. I enabled a new address a few months ago, but didn't use it, or even configure it, for a couple of weeks. The first time I entered all my information into Mail and went to check that it was operational, I had two pieces of spam waiting for me, dated one week previously and two weeks previously (remember that I hadn't given this email address to ANYONE yet!) I was a little taken aback, to say the least! Christopher ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
At 10:24 AM 01/29/2005, Noel Stoutenburg wrote: leads me to the speculate a bit. When you set up an email account, your ID is placed in some table. Now if a person, not necessarily associated with your ISP knows the address of that table, and how to access it's contents, it would be trivial to read the table on a routine basis, and find out the new user names, and determine which are no longer in the table. I'm not sure how this is done technically, but I know for a fact that there is a certain amount of spam delivered by a method similar to this. For a couple of years, mail for sherber.com was handled by Everyone.net. At the beginning of January, I switched all hosting to a new hosting service. Even today, when there are presumably no MX records anywhere on the Internet linking sherber.com to Everyone.net, I am still receiving a trickle of spam in the box at Everyone.net (the account is still active there). The only way this could happen is if someone accesses the SMTP server at Everyone.net and gets a list of all accounts on the server (or marks a message for delivery to all existing accounts, or some such thing). Aaron. ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: Re: [Finale] The ARCHIVE Password
-- dhbailey[EMAIL PROTECTED] wrote: But now that your e-mail is out there on the marketed spam lists, nothing any archive is going to do will change that. That's provably true, but new members who haven't post yet and who don't receive spam can post here and get infected by spam. Also, I'm sure that part of the members who don't post is just for this reason. I think that I had just posted one reply when I realized that it was public. From then I thought that I wouldn't post here unless this policy of having the arcive open to everybody changed. Roger ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
On 29 Jan 2005 at 5:29, Noel Stoutenburg wrote: David W. Fenton wrote: If that's the kind of obfuscation to be used, then the archive should not be public. If email addresses are obfuscated, they should be wholly obfuscated, and not available to either human or software viewers of the page. to which I would observe that with the processor speed these days, it's probably trivial to harvest email addresses out of the body of the message, not only those which are not obfuscated, but those which have been self-obfuscated. . . . By obfuscated, I mean not readable or constructable from the data displayed on the page. The archive that I saw that was obfuscated when viewed but not when googled had this for the email addresses: [email address hidden]. No computer could get the email address from that. Nor could a human being, and I don't mind that. . . . The heuristic for this would be simple: find every instance of net, com, c., and take the characters immediately preceding, discard any spaces, convert any instances of dot to a period, check the string immediately preceding that against a list of known domains, and convert any instances of at before the domain to the @ sign, and consider the characters preceding that to be a user name. I don't know if anyone has tested whether spammers are harvesting human-obfuscated email addresses -- it could be done by the same methodology that was used in the spam trap test a year or so ago, where it was found that by far the largest amount of spam was harvested from email addresses found on web pages (something like 75% of it vs. a relatively minuscule amount for the next highest source, Usenet, which was something like 10%). Somehow, I strongly doubt the spammers are being that clever. They are criminals, after all (in my opinion), and criminals are notoriously stupid people in general. Personally in my view, the most expedient solution to Spam, virii, and worms, is to do as I have done: next time you get a new computer, save the old one, remove everything from it except the OS, a browser, and internet related plug ins, and use only the Iomega network for transferring files from your internet machine to any other. Also, learn to use the filtering capabilities of your browers, create your own spam traps. Finally, regularly back up the email archives you wish to save. I don't get viruses. And the only way I could get rid of spam (temporarily) is to change email addresses. None of your advice above really helps either of those issues at all. Then, in the worst case, your internet machine is infected with a virus, it becomes trivial to low-level format the HDD, reinstall the OS and plug-ins, and restore archives. Viruses and spam are two wholly separate issues. I haven't had a virus infection since about 1997 or so (back when boot sector viruses were the most common), but I've been getting lots of spam. If you really want to have your main machines connected to the internet, set up a local server, and put in two firewalls, one between the internet connection and your bread-and-butter machines, and one between the internet connectiona dn your ISP's server. No one should connect their PC directly to the Internet. A full-scale firewall is not entirely required. A NAT router prevents any incoming connections from getting to your computer (unless you explicitly redirect the ports involved), and a software firewall on the PC will allow you to control outgoing connections in ways that dedicated firewall boxes never allow at all (i.e., you can authorize outgoing connections by application, which can never be known by an external device). -- David W. Fentonhttp://www.bway.net/~dfenton David Fenton Associateshttp://www.bway.net/~dfassoc ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
On 29 Jan 2005 at 9:24, Noel Stoutenburg wrote: Christopher's report: I enabled a new address a few months ago, but didn't use it, or even configure it, for a couple of weeks. The first time I entered all my information into Mail and went to check that it was operational, I had two pieces of spam waiting for me, dated one week previously and two weeks previously (remember that I hadn't given this email address to ANYONE yet!) I was a little taken aback, to say the least! leads me to the speculate a bit. When you set up an email account, your ID is placed in some table. Now if a person, not necessarily associated with your ISP knows the address of that table, and how to access it's contents, it would be trivial to read the table on a routine basis, and find out the new user names, and determine which are no longer in the table. The only place that an email address is kept is in the configuration data for an ISP. By default, those files should be inaccessible to outsiders. It would depend on the email username Christopher set up, but my guess is that the source is either an algorithmic crack (using common email usernames) or the address was actually published somewhere, like in a WHOIS listing. I set up dfenton.com in early December and set up a half dozen or so email addresses. I have yet to receive a single piece of spam. I certainly see a number of machines connecting to the site (even though it's never been publicized anywhere), but I assume those somehow got their information from WHOIS and that most are attempted exploits of Windows-based web servers running the execrable IIS (which my host is not -- Apache all the way!). I have only one address on my domain protected by challenge/response, the address I most want to protect from spam (and which I'm never going to use publicly). That address could be algorithmicly constructed from my domain name, and that's why I have locked it up and intend not to use it. I don't think Christopher's case is one of the ISP's records being compromised. I think it's more likely that the ISP provided the address to someone who published it in a manner that allowed it to be harvested by a spammer. That's why I'm glad my ISP knows nothing about the email addresses I'm setting up on my domain. -- David W. Fentonhttp://www.bway.net/~dfenton David Fenton Associateshttp://www.bway.net/~dfassoc ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
On 29 Jan 2005 at 10:37, Aaron Sherber wrote: At 10:24 AM 01/29/2005, Noel Stoutenburg wrote: leads me to the speculate a bit. When you set up an email account, your ID is placed in some table. Now if a person, not necessarily associated with your ISP knows the address of that table, and how to access it's contents, it would be trivial to read the table on a routine basis, and find out the new user names, and determine which are no longer in the table. I'm not sure how this is done technically, but I know for a fact that there is a certain amount of spam delivered by a method similar to this. For a couple of years, mail for sherber.com was handled by Everyone.net. At the beginning of January, I switched all hosting to a new hosting service. Even today, when there are presumably no MX records anywhere on the Internet linking sherber.com to Everyone.net, I am still receiving a trickle of spam in the box at Everyone.net (the account is still active there). The only way this could happen is if someone accesses the SMTP server at Everyone.net and gets a list of all accounts on the server (or marks a message for delivery to all existing accounts, or some such thing). Eh? If the account existed and was on spammers' lists before you shut down the Everyone.net hosting, then it's just leftover and coming through just because the account is still active (or you have crazily set up a catch-all, which is useless in the age of spam, in my opinion). If you shut down the Everyone.net host entirely, the spammers would still be sending to those email addresses, they just wouldn't go anywhere. -- David W. Fentonhttp://www.bway.net/~dfenton David Fenton Associateshttp://www.bway.net/~dfassoc ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
David W. Fenton wrote: No one should connect their PC directly to the Internet. A full-scale firewall is not entirely required. A NAT router prevents any incoming connections from getting to your computer (unless you explicitly redirect the ports involved), and a software firewall on the PC will allow you to control outgoing connections in ways that dedicated firewall boxes never allow at all (i.e., you can authorize outgoing connections by application, which can never be known by an external device). Unless there's some incentive for ISPs to provide expensive routers (instead of cheap USB ADSL modems), this won't happen. And most people don't understand that there's a big risk through poor security - the tiny minority who get stung by dialers or by phishing or whatever are enough to pay the wages of all the criminals involved. We 'happy many' just get stuck with endless spam that's eventually going to pick out those hapless individuals. ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
At 07:53 PM 01/29/2005, David W. Fenton wrote: Eh? If the account existed and was on spammers' lists before you shut down the Everyone.net hosting, then it's just leftover and coming through just because the account is still active (or you have crazily set up a catch-all, which is useless in the age of spam, in my opinion). If you shut down the Everyone.net host entirely, the spammers would still be sending to those email addresses, they just wouldn't go anywhere. My email address is the same as it was (now I'm reluctant to even mention it, but it's in the header of this email g). A month ago, I changed the MX records for sherber.com from Everyone.net to a different hosting service. DNS takes two or three days to propagate, but surely after 4 weeks there can't be any DNS records still pointing to Everyone.net. The sherber.com *account* still exists at Everyone.net, since I just haven't gotten around to cancelling, and so I can still log in to webmail there -- and when I do there are a few new spam messages each day. Since any legitimately sent email would pick up the new MX record and wind up at my new host, I conclude that the only way spam winds up in the Everyone.net box is by hacking the Everyone.net SMTP server. But I'm willing to listen to other explanations. Aaron. ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
On 29 Jan 2005 at 20:09, Aaron Sherber wrote: At 07:53 PM 01/29/2005, David W. Fenton wrote: Eh? If the account existed and was on spammers' lists before you shut down the Everyone.net hosting, then it's just leftover and coming through just because the account is still active (or you have crazily set up a catch-all, which is useless in the age of spam, in my opinion). If you shut down the Everyone.net host entirely, the spammers would still be sending to those email addresses, they just wouldn't go anywhere. My email address is the same as it was (now I'm reluctant to even mention it, but it's in the header of this email g). A month ago, I changed the MX records for sherber.com from Everyone.net to a different hosting service. DNS takes two or three days to propagate, but surely after 4 weeks there can't be any DNS records still pointing to Everyone.net. The sherber.com *account* still exists at Everyone.net, since I just haven't gotten around to cancelling, and so I can still log in to webmail there -- and when I do there are a few new spam messages each day. Since any legitimately sent email would pick up the new MX record and wind up at my new host, I conclude that the only way spam winds up in the Everyone.net box is by hacking the Everyone.net SMTP server. But I'm willing to listen to other explanations. I strongly doubt that's a valid explanation. Much more likely is that the spammers are using an SMTP program that caches the DNS information for too long. I think too many people are willing to scream HACKERS! instead of thinking about valid explanations that don't involve nefarious activity. -- David W. Fentonhttp://www.bway.net/~dfenton David Fenton Associateshttp://www.bway.net/~dfassoc ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
At 08:34 PM 01/29/2005, David W. Fenton wrote: I strongly doubt that's a valid explanation. Much more likely is that the spammers are using an SMTP program that caches the DNS information for too long. Yes, that's also possible. A random sampling of the headers of these emails shows that the first Received header is from the originating machine and by the Everyone.net SMTP server; most legitimate email I get has a first Received header from the originating machine and by *their* SMTP server (or their ISP's SMTP server). I assumed this meant that they were somehow getting information directly from Everyone.net, but I suppose they could just have their own very outdated DNS info and are sending things direct to target SMTP servers. Aaron. ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
On Jan 27, 2005, at 2:21 AM, d. collins wrote: For what it's worth, I guess my preference would be that the Finale List archives remain google-able, but it's only a slight preference. It's not something that I care about enough to lobby for. Why Google, since it's possible to have searchable archives without making them public? Well, I suppose the answer to your question is that I like the idea of them being public. In general, I think sharing of information is a good thing, and Google is a better way of sharing with everyone. As for privacy, I don't think of this list as being private at all; I think of it as public. That is probably due to my extensive experience with the Usenet and various Web-based forums, where everything is surely very public. But as I said before, it's not something I'm lobbying for. I'm happy for the Finale archives to be stored or not stored however the community as a whole prefers. mdl ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
Mark D Lew / 05.1.28 / 05:01 AM wrote: As for privacy, I don't think of this list as being private at all; I think of it as public. That's not the point. I just ran Google with your email address (not name but address), and there you are so many hits. You don't mind this? I do. -- - Hiro Hiroaki Honshuku, A-NO-NE Music, Boston, MA http://a-no-ne.com http://anonemusic.com ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
On Jan 28, 2005, at 8:22 AM, A-NO-NE Music wrote: That's not the point. I just ran Google with your email address (not name but address), and there you are so many hits. You don't mind this? I do. Not really. It bothers me much more that every time I go to an airport, bank, shopping mall, convenience store, etc, pictures are taken of me. But that's life in the modern world. mdl ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
I'm becoming more and more ambivalentin the offense battle against spam, which it appears we're losing on a monumental scale. My personal approach has been to pragmatically shift from endorsing the capture and painful execution of the perps (!)to basically creating a firewall with as much impermeability as possible. My preference would be tokeep the archives fully, easily and if necessary publicly searchable; besides -- apropos the info gathering now prevalent in the world: anyone hypothetically taking my pictures deserves thepunishment of having to view them... Best, Les Les MarsdenFounding Music Director and Conductor, The Mariposa Symphony OrchestraMusic and Mariposa? Ah, Paradise!!! http://arts-mariposa.org/symphony.htmlhttp://www.sierratel.com/mcf/nprc/mso.htm - Original Message - From: Johannes Gebauer To: finale@shsu.edu Sent: Friday, January 28, 2005 11:52 AM Subject: Re: [Finale] The ARCHIVE Password I sort of agree with both of you. I wouldn't mind the Finale list being public and searchable, were it not for the Spam this has generated in the past. I am also much more bothered by the constant data that is being gathered about me - photos are probably the least important of that data.JohannesMark D Lew wrote: On Jan 28, 2005, at 8:22 AM, A-NO-NE Music wrote: That's not the point. I just ran Google with your email address (not name but address), and there you are so many hits. You don't mind this? I do. Not really. It bothers me much more that every time I go to an airport, bank, shopping mall, convenience store, etc, pictures are taken of me. But that's life in the modern world. ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
On Fri, 28 Jan 2005 21:14:04 +0100, d. collins [EMAIL PROTECTED] wrote: Owain Sutton écrit: If you feel this way about privacy, you shouldn't be sending messages through mailing lists such as this - sending messages to an unknown number of recipients and then complaining that your address is identifiable is illogical. No it isn't, since there's no reason it has to be this way. I'm subscribed to about a dozen mailing lists, none of which make their archives public (i.e. have them indexed by Google). Many of them have nevertheless searchable archives. On what grounds can you say that a mailing list has to be what you would like it to be? The very idea of a mailing list is based on the notion of subscription and membership. If you want to participate - by posting, reading, searching the archives - you subscribe. If you don't, you go elsewhere (Usenet, or whatever) to find what you're looking for. I think what he's saying is that every message you send to the list, as well as your email address, can been seen by anybody who sets up a free (automated and unrestricted) subscription to the Finale list. A list I subscribe to requires you to answer a few questions from the moderator before you can be added to the subscribers list. This keeps unauthorized visitors out (especially since it's the official list of a professional society), but the Finale list does no such thing. Anybody can email the mailman robot and get automatically added, no matter who they are. You have no idea who has done that, so in effect you are sending messages to an unknown number of recipients. -- Brad Beyenhof [EMAIL PROTECTED] my blog: http://augmentedfourth.blogspot.com FinaleIRC (come chat!): http://finaleirc.com ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
Owain Sutton wrote: Mark D Lew wrote: On Jan 28, 2005, at 8:22 AM, A-NO-NE Music wrote: That's not the point. I just ran Google with your email address (not name but address), and there you are so many hits. You don't mind this? I do. Not really. It bothers me much more that every time I go to an airport, bank, shopping mall, convenience store, etc, pictures are taken of me. But that's life in the modern world. It doesn't bother me, either. If you feel this way about privacy, you shouldn't be sending messages through mailing lists such as this - sending messages to an unknown number of recipients and then complaining that your address is identifiable is illogical. Especially since there isn't any proof of identity or actual interest in Finale content for anybody who joins this list. Any of us could simply be e-mail cullers -- there is a huge number of lurkers who never post. Who has any idea how many of them are simply here to watch you? -- David H. Bailey [EMAIL PROTECTED] ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
I'd just like to chip in that if you do a search for [EMAIL PROTECTED] you get a bunch of hits from mailing lists such as PHP and Suse Linux - I didn't realise that those lists published their archives WITH email addresses to the web. That scenario is clearly stupid and should be avoided at all costs. I now get 400+ emails a day, only about 20 of the legitimate, the rest is spam. The very least that mailing lists should do is to withold email addresses, or make them so that email spiders cannot retrieve them. Leaving unencrypted email address in archives is completely irresponsible. -- Simon Troup Digital Music Art - Finale IRC channel server: irc.chatspike.net port: 6667 channel: #Finale - ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
Simon Troup wrote: I'd just like to chip in that if you do a search for [EMAIL PROTECTED] you get a bunch of hits from mailing lists such as PHP and Suse Linux - I didn't realise that those lists published their archives WITH email addresses to the web. That scenario is clearly stupid and should be avoided at all costs. I now get 400+ emails a day, only about 20 of the legitimate, the rest is spam. The very least that mailing lists should do is to withold email addresses, or make them so that email spiders cannot retrieve them. Leaving unencrypted email address in archives is completely irresponsible. I tire of this belief that all spam is from harvested emails. A good proportion of the spam I receive (on several different accounts) is also CCed to endless permutations of my surname - all it takes is a list of first names, a list of surnames, a list of top level domains, and software. Much easier than bothering to trawl the web. ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
I tire of this belief that all spam is from harvested emails. A good proportion of the spam I receive (on several different accounts) is also CCed to endless permutations of my surname - all it takes is a list of first names, a list of surnames, a list of top level domains, and software. Much easier than bothering to trawl the web. Nearly all my spam is directed directly at that email address, please don't presume that I'm deluded in linking the two events. -- Simon Troup Digital Music Art - Finale IRC channel server: irc.chatspike.net port: 6667 channel: #Finale - ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
Simon Troup wrote: I tire of this belief that all spam is from harvested emails. A good proportion of the spam I receive (on several different accounts) is also CCed to endless permutations of my surname - all it takes is a list of first names, a list of surnames, a list of top level domains, and software. Much easier than bothering to trawl the web. Nearly all my spam is directed directly at that email address, please don't presume that I'm deluded in linking the two events. Assuming you're talking about the digitalmusicart.com address, you're on te very low end of Google results. Just because spam is directed at a particular address doesn't prove that it's the result of publicity for that address. As I've already mentioned, I get endless spam which is clearly targetting every permutation of first and surnames for a given TLD. They'll hit on simon+troup fairly often. ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
On 28 Jan 2005 at 2:01, Mark D Lew wrote: On Jan 27, 2005, at 2:21 AM, d. collins wrote: For what it's worth, I guess my preference would be that the Finale List archives remain google-able, but it's only a slight preference. It's not something that I care about enough to lobby for. Why Google, since it's possible to have searchable archives without making them public? Well, I suppose the answer to your question is that I like the idea of them being public. In general, I think sharing of information is a good thing, and Google is a better way of sharing with everyone. As for privacy, I don't think of this list as being private at all; I think of it as public. That is probably due to my extensive experience with the Usenet and various Web-based forums, where everything is surely very public. I really agree with all of that. My only request of a public archive is that email addresses should be obfuscated so that spammers can't harvest them. If that can't be done, then no archive should be public. But as I said before, it's not something I'm lobbying for. I'm happy for the Finale archives to be stored or not stored however the community as a whole prefers. I've barely ever used the archives, as I don't find the information in them to be helpful -- it's usually too dated, or the discussions too convoluted to follow after the fact. -- David W. Fentonhttp://www.bway.net/~dfenton David Fenton Associateshttp://www.bway.net/~dfassoc ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
I really agree with all of that. My only request of a public archive is that email addresses should be obfuscated so that spammers can't harvest them. If that can't be done, then no archive should be public. I whole heartedly agree with that statement. -- Simon Troup Digital Music Art - Finale IRC channel server: irc.chatspike.net port: 6667 channel: #Finale - ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
On 28 Jan 2005 at 23:36, Simon Troup wrote: I'd just like to chip in that if you do a search for [EMAIL PROTECTED] you get a bunch of hits from mailing lists such as PHP and Suse Linux - I didn't realise that those lists published their archives WITH email addresses to the web. Because of this discussion I googled my email address and what I discovered was that my email address is listed in archives that show up in Google, but when you open the page, the email address is obscured! For some reason, Google's web-crawling spider gets the real address, but the actual web page does not. That looks like a huge error in design on the part of the people running the archive -- why obfuscate something that the most widely used automated spider can see? Does that mean that any spider, including a spammer's email harvesting bot can see the addresses, too? If that's the kind of obfuscation to be used, then the archive should not be public. If email addresses are obfuscated, they should be wholly obfuscated, and not available to either human or software viewers of the page. -- David W. Fentonhttp://www.bway.net/~dfenton David Fenton Associateshttp://www.bway.net/~dfassoc ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
On 28 Jan 2005 at 23:50, Owain Sutton wrote: I tire of this belief that all spam is from harvested emails. A good proportion of the spam I receive (on several different accounts) is also CCed to endless permutations of my surname - all it takes is a list of first names, a list of surnames, a list of top level domains, and software. Much easier than bothering to trawl the web. That's odd, because when I see an email with a lot of addresses CC'd at my ISP, the addresses are all real addresses (I've checked by viewing the USR directory of my ISP's server). That shows that the addresses really *are* harvested, not made up by algorithm. This is not to say that there aren't plenty such spammers using algorithmically created spam lists, just that harvesting is real. It's *very* real. -- David W. Fentonhttp://www.bway.net/~dfenton David Fenton Associateshttp://www.bway.net/~dfassoc ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
That's odd, because when I see an email with a lot of addresses CC'd at my ISP, the addresses are all real addresses (I've checked by viewing the USR directory of my ISP's server). That shows that the addresses really *are* harvested, not made up by algorithm. This is not to say that there aren't plenty such spammers using algorithmically created spam lists, just that harvesting is real. It's *very* real. I agree. If Owains theory was correct (that email addressed to simon.troup is random) I should also be getting some stuff addressed to [EMAIL PROTECTED] and [EMAIL PROTECTED] This is clearly not the case. I've got catch all email setup on my server, so I see every every message. There's next to no random stuff on there except when people try to spoof my address for sending spam and I get the message undeliverable notices. -- Simon Troup Digital Music Art - Finale IRC channel server: irc.chatspike.net port: 6667 channel: #Finale - ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
On Thu, 27 Jan 2005 11:21:16 +0100, d. collins [EMAIL PROTECTED] wrote: Mark D Lew écrit: For what it's worth, I guess my preference would be that the Finale List archives remain google-able, but it's only a slight preference. It's not something that I care about enough to lobby for. Why Google, since it's possible to have searchable archives without making them public? It doesn't necessarily have to be Google-indexed, just searchable in some form or fashion. If the list server at SHSU would implement mailman2 (as Hiro described), there would be no issue here. By the way, I applaud Henry for setting password protection on the archives. Don't get me wrong; I'm glad my personal information and list communication are now private. However, for the archive to be truly functional it will need to be searchable. Up until now, that function was performed by Google; now, something else must be devised. -- Brad Beyenhof [EMAIL PROTECTED] my blog: http://augmentedfourth.blogspot.com my public bookmarks: http://del.icio.us/bbeyenhof ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
[Finale] The ARCHIVE Password
Title: The ARCHIVE Password In response to requests made on and off list, I converted the archives to a members-only status. The upshot is that you now need a password to access them. You were sent a password when you signed up for the list. It will be re-set and re-sent to you if you will go to the italicized section at the bottom of the page: Finale Subscribers (The subscribers list is only available to the list members.) Enter your address and password to visit the subscribers list: Address: Password: Visit Subscriber List To unsubscribe from Finale, get a password reminder, or change your subscription options enter your subscription email address: Unsubscribe or edit options If you leave the field blank, you will be prompted for your email address The address to do this is: http://lists.shsu.edu/mailman/listinfo/finale -- Henry Howey, D.M.A. Professor of Music Sam Houston State University Box 2208 Huntsville, TX 77341 (936) 294-1364 http://www.shsu.edu/~music/faculty/howey.html Owner of FINALE Discussion List ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
On Wed, 26 Jan 2005 11:16:15 -0600, Henry Howey [EMAIL PROTECTED] wrote: In response to requests made on and off list, I converted the archives to a members-only status. The upshot is that you now need a password to access them. You were sent a password when you signed up for the list. It will be re-set and re-sent to you if you will go to the italicized section at the bottom of the page: Will there be a provision made for searching the archives? I have nothing against password-protecting the archives, but since they're not public anymore they won't be indexed by Google. I've had great luck in the past finding answers by using Google to search the archives, and I'll greatly miss this ability if no searching facility is added into the mailman/pipermail interface. -- Brad Beyenhof [EMAIL PROTECTED] my blog: http://augmentedfourth.blogspot.com my public bookmarks: http://del.icio.us/bbeyenhof ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
At 12:46 PM 01/26/2005, Brad Beyenhof wrote: archives, and I'll greatly miss this ability if no searching facility is added into the mailman/pipermail interface. I couldn't agree more. There's no point to the archives if they're not searchable. Aaron. ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
I whole-heartedly agree with everything you said. Thanks, Henry! Johannes d. collins wrote: Many mailing lists have searchable archives without these archives being open to the public and to Google. I'm not against searchable archives, on the contrary, but I'm against having all our exchanges indexed by Google. I realize of course it's not up to me to decide. But I find this constant tracking and publishing of all our words terrifying, and a bit too big-brotheresque to my taste. Not to mention the amount of spam it generates. So I take the opportunity to thank Henry for this change. Dennis ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale -- http://www.musikmanufaktur.com http://www.camerata-berolinensis.de ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
Aaron Sherber / 05.1.26 / 01:58 PM wrote: I couldn't agree more. There's no point to the archives if they're not searchable. Well, I don't want to put any pressure to the admin, but Mailman2 does give you search API on the archive interface. It's not a built-in option so you need Python. I couldn't do it myself so I asked someone to do it for Mobile I/O user list I admin. -- - Hiro Hiroaki Honshuku, A-NO-NE Music, Boston, MA http://a-no-ne.com http://anonemusic.com ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
Re: [Finale] The ARCHIVE Password
On Jan 26, 2005, at 12:07 PM, d. collins wrote: Many mailing lists have searchable archives without these archives being open to the public and to Google. I'm not against searchable archives, on the contrary, but I'm against having all our exchanges indexed by Google. I realize of course it's not up to me to decide. But I find this constant tracking and publishing of all our words terrifying, and a bit too big-brotheresque to my taste. Not to mention the amount of spam it generates. I gather you don't spend much time on the Usenet then? To me, having all our messages on file archived and tallied somewhere just seems normal, whether I like it or not. For what it's worth, I guess my preference would be that the Finale List archives remain google-able, but it's only a slight preference. It's not something that I care about enough to lobby for. mdl ___ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale