Re: Yikes! E-mail harvesting possibility?

2003-06-10 Thread Richard Gaskin 
curry wrote:

> The best "philosophy" with this regard is yes, to enjoy lists, don't
> let spam take away any of your fun, but also take a very simple
> measure that stops most of the spam: keep the addresses off web pages.
> 
> So, if this list can do that, either by using an archive service with
> protection, or by restricting access to the archives based on a
> password, we will be able to enjoy our discussions about Rev
> thoroughly but also know we won't be helping the spammers!

Anyone serious about fighting spam will also take a moment to write their
elected representatives on the issue.  In the States you can write any
member of the House or Senate at firstgov.com

After a barrage of emails on the issue over many years, the US federal
government is finally taking action at the federal level.  Many European
countries have already started.  While this won't stop the flood from Russia
or China, most spam sent from their servers is done so by US-based
companies, and precedent has been established to consider prosecuting US
companies regardless of the location of the server.

In due time I'm confident spam legislation will become international law.
As with the Berne agreement for copyrights, it won't guarantee an end to the
problem, but few spammers are based in third-world countries (the greatest
volume comes from the US), so it seems reasonable that spam can be contained
from its current 45% of all email traffic down to a manageable 10% or less.

If you live in a democratic country, take a moment to participate in the
process by advising your elected representatives.  They are your employees.

-- 
 Richard Gaskin 
 Fourth World Media Corporation
 Developer of WebMerge 2.2: Publish any database on any site
 ___
 [EMAIL PROTECTED]   http://www.FourthWorld.com
 Tel: 323-225-3717   AIM: FourthWorldInc

___
use-revolution mailing list
[EMAIL PROTECTED]
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: Yikes! E-mail harvesting possibility?

2003-06-09 Thread curry 
As Heather said, spam is collected by software, not people. So, 
whether or not to include addresses in the list is not really the 
question; of course, it's better to have them there. I support that. 
But that's not really the issue, so focusing on it may draw attention 
away from the real issue.

The danger comes when the addresses are placed on web pages. Then 
they become targets for the spam bots. It takes a while for your 
address to be collected, added to a spam collection, purchased, and 
used in spam. I'm seeing a lot of spam for the "sins" in not 
protecting my address which I committed two and three years ago. (I 
plan to eventually replace and retire that old address now that I've 
started being more vigilant with new ones.)

The best "philosophy" with this regard is yes, to enjoy lists, don't 
let spam take away any of your fun, but also take a very simple 
measure that stops most of the spam: keep the addresses off web pages.

So, if this list can do that, either by using an archive service with 
protection, or by restricting access to the archives based on a 
password, we will be able to enjoy our discussions about Rev 
thoroughly but also know we won't be helping the spammers!

Thanks,

Curry
___
use-revolution mailing list
[EMAIL PROTECTED]
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: Yikes! E-mail harvesting possibility?

2003-06-09 Thread Wolfgang M. Bereuter 
On Monday, Jun 9, 2003, at 14:06 Europe/Vienna, Heather Williams wrote:

and a philosophical attitude
are my current preferred weapons in the war against spam.
I m keen to hear about your philosophical weapon against spam..;))

regards
Wolfgang M. Bereuter
Learn easy with trainingsmapsĀ©
INTERNETTRAINER Wolfgang M. Bereuter
Edelhofg. 17/11, A-1180 Wien, Austria
...
http://www.internettrainer.com, [EMAIL PROTECTED]
...
Tel: ++43/1/ 961 0418, Fax: ++43/1/ 479 2539
___
use-revolution mailing list
[EMAIL PROTECTED]
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: Yikes! E-mail harvesting possibility?

2003-06-09 Thread Heather Williams 
Greetings!

If I can snip and match a few different posts on this issue:

> Might want to check out The Mail Archive, a free archiving service
> used by some other listservs I subscribe to. It obfuscates any
> embedded emails, whether in signatures or in headers or in the text of
> the emails. Not sure how they manage this, but it's a great way of
> making the list archives pubicly available and still protected.


Thanks Mark, I'll look into it.

>> It is perfectly reasonable to communicate with individuals
>> via the list.  If the RR list moderators could remove
>> e-mail addresses from the digests I belive they would do us
>> all a favour.
> 
> Perhaps, but sometimes on-list conversations become off-list ones, and
> in order for someone to email someone off-list, they need to know what
> the person's email address is. If there is a direct connection between
> the email addresses on the list and an increase in spam, I'd agree with
> you, but until that is proven, I think it is beneficial to have the
> email addresses in the digest.

The consensus on that very quickly became clear. The benefit of having non
anonymous posts far outweighs the spam risk for most people.

> Apart from the harvesting aspect there is the simple fact
> that the e-mail digests contain all the e-mail addresses of
> the contributors.  So far I have not been able to identify
> any of the piles of SPAM I seem to get as originating from
> somebody having subscribed to the e-mail digest - but any
> SPAMMER must be incredibly stupid if they don't see this
> possibility.

Yes, but to take advantage of these email addresses, the would be spammer
first has to subscribe to the list. That's why this is a double opt in list.
It protects you from the vast majority of spammers, because they are robots,
not people.

Spam is a problem. I say this as one who gets vast quantities of the stuff
every day. But to let it diminish the value of our legitimate activities is
to let it win! Spam filters, the delete button, and a philosophical attitude
are my current preferred weapons in the war against spam.

I think for the moment, if the spam risk really worries you, you should mung
your email address in some way so that it won't get quoted in usable form.
We will continue to look at other possible solutions that don't diminish the
value of the list.

Regards,

Heather

-- 
Heather Williams <[EMAIL PROTECTED]> 
Runtime Revolution Ltd.
Tel: +44 (0) 131 7184333 Fax: +44 (0)1639 830707
Revolution: Software at the Speed of Thought

___
use-revolution mailing list
[EMAIL PROTECTED]
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: Yikes! E-mail harvesting possibility?

2003-06-08 Thread Mark Wieder 
Might want to check out The Mail Archive, a free archiving service
used by some other listservs I subscribe to. It obfuscates any
embedded emails, whether in signatures or in headers or in the text of
the emails. Not sure how they manage this, but it's a great way of
making the list archives pubicly available and still protected.

http://www.mail-archive.com/faq.html

>From the FAQ:

"The Mail Archive utilizes two levels of electronic countermeasures to
prevent spam incidents. First, we explicitly block spam harvesting
robots (spambots) from accessing our server. We deny access, at the
server level, for any software that matches the browser ID of a known
spambot. Our second line of defense is to make sure that the web pages
themselves are spambot resistant. We do not use any unshielded mailto:
hyperlinks, email addresses and we strip out, scramble, or obfuscate
email addresses from message headers and bodies. Yet we still provide
a way for people to reply to an archived message, using their regular
email software. This feat is achieved with a special POST protected
CGI gateway which returns a mailto: URL to the user agent. This
technique is extremely effective in blocking generic spam harvesting
robots; for more information, see Mullane's Spambot Beware guide. The
effectiveness of our spam-blocking preventative measures are monitored
by spambot trap addresses like [EMAIL PROTECTED]"

-Mark Wieder


___
use-revolution mailing list
[EMAIL PROTECTED]
http://lists.runrev.com/mailman/listinfo/use-revolution

RE: Yikes! E-mail harvesting possibility?

2003-06-06 Thread Ken Norris 
**
> From: "Ken Ray" <[EMAIL PROTECTED]>
> Subject: RE: Yikes! E-mail harvesting possibility?
> Date: Fri, 6 Jun 2003 09:14:08 -0500

> 
>> It is perfectly reasonable to communicate with individuals
>> via the list.  If the RR list moderators could remove
>> e-mail addresses from the digests I belive they would do us
>> all a favour.
> 
> Perhaps, but sometimes on-list conversations become off-list ones, and
> in order for someone to email someone off-list, they need to know what
> the person's email address is. If there is a direct connection between
> the email addresses on the list and an increase in spam, I'd agree with
> you, but until that is proven, I think it is beneficial to have the
> email addresses in the digest.
--
I agree. Again, lets take it to conclusion. If I close off my email to
everything else, I'll be sending messages only to myself. Pretty boring, at
best.

Ken N.

___
use-revolution mailing list
[EMAIL PROTECTED]
http://lists.runrev.com/mailman/listinfo/use-revolution

RE: Yikes! E-mail harvesting possibility?

2003-06-06 Thread David Vaughan 
On Saturday, Jun 7, 2003, at 00:26 Australia/Sydney, "Ken Ray" 
<[EMAIL PROTECTED]> wrote:

It is perfectly reasonable to communicate with individuals
via the list.  If the RR list moderators could remove
e-mail addresses from the digests I belive they would do us
all a favour.
Perhaps, but sometimes on-list conversations become off-list ones, and
in order for someone to email someone off-list, they need to know what
the person's email address is. If there is a direct connection between
the email addresses on the list and an increase in spam, I'd agree with
you, but until that is proven, I think it is beneficial to have the
email addresses in the digest.
I agree. I am one who has been on this list for a year and a half but 
my spamming rate remains very low and quite stable.

Famous Last Words.

cheers
David
post script: Apple Mail's Junk feature works well, tool.
Ken Ray
Sons of Thunder Software
Email: [EMAIL PROTECTED]
Web Site: http://www.sonsothunder.com/ 
___
use-revolution mailing list
[EMAIL PROTECTED]
http://lists.runrev.com/mailman/listinfo/use-revolution

RE: RE: Yikes! E-mail harvesting possibility?

2003-06-06 Thread Edwin Gore 

What about having whatever script it is that processes the emails into the web pages 
simply automatically inserts "*4 random characters*" after any @ symbols that it sees. 
That makes it easy to see the real address, but the randomized "no spam" inserted into 
the middle makes it very hard to harvest an email address. Plus, @ symbols don't show 
up tht often in posts unless it's an email address.

Though, for off-list conversations, the email address is in the original email 
message, so it's not to hard to get to someone off list if you keep a couple  of days 
worth of list mail in your mail client.

>- --- Original Message --- -
>From: "Ken Ray" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Fri, 6 Jun 2003 09:14:08
>
>> It is perfectly reasonable to communicate with
>individuals
>> via the list.  If the RR list moderators could
>remove
>> e-mail addresses from the digests I belive they
>would do us
>> all a favour.
>
>Perhaps, but sometimes on-list conversations become
>off-list ones, and
>in order for someone to email someone off-list,
>they need to know what
>the person's email address is. If there is a direct
>connection between
>the email addresses on the list and an increase in
>spam, I'd agree with
>you, but until that is proven, I think it is
>beneficial to have the
>email addresses in the digest.
>
>Ken Ray
>Sons of Thunder Software
>Email: [EMAIL PROTECTED]
>Web Site: http://www.sonsothunder.com/ 
>
>
>___
>use-revolution mailing list
>[EMAIL PROTECTED]
>http://lists.runrev.com/mailman/listinfo/use-revolu
>tion
___
use-revolution mailing list
[EMAIL PROTECTED]
http://lists.runrev.com/mailman/listinfo/use-revolution

RE: Yikes! E-mail harvesting possibility?

2003-06-06 Thread Ken Ray 
> It is perfectly reasonable to communicate with individuals
> via the list.  If the RR list moderators could remove
> e-mail addresses from the digests I belive they would do us
> all a favour.

Perhaps, but sometimes on-list conversations become off-list ones, and
in order for someone to email someone off-list, they need to know what
the person's email address is. If there is a direct connection between
the email addresses on the list and an increase in spam, I'd agree with
you, but until that is proven, I think it is beneficial to have the
email addresses in the digest.

Ken Ray
Sons of Thunder Software
Email: [EMAIL PROTECTED]
Web Site: http://www.sonsothunder.com/ 


___
use-revolution mailing list
[EMAIL PROTECTED]
http://lists.runrev.com/mailman/listinfo/use-revolution

Yikes! E-mail harvesting possibility?

2003-06-06 Thread Mathewson 
Quite.

Apart from the harvesting aspect there is the simple fact
that the e-mail digests contain all the e-mail addresses of
the contributors.  So far I have not been able to identify
any of the piles of SPAM I seem to get as originating from
somebody having subscribed to the e-mail digest - but any
SPAMMER must be incredibly stupid if they don't see this
possibility.

It is perfectly reasonable to communicate with individuals
via the list.  If the RR list moderators could remove
e-mail addresses from the digests I belive they would do us
all a favour.

Richmond Mathewson
---
Great Macintosh Products 
 The MacLaunch Store! http://www.maclaunch.com/cgi-launch/store/agora.cgi
---
___
use-revolution mailing list
[EMAIL PROTECTED]
http://lists.runrev.com/mailman/listinfo/use-revolution

Yikes! E-mail harvesting possibility?

2003-06-05 Thread curry 
I was reading the list archive on the runrev web page, and noticed 
that while most addresses are stripped from the main listing and from 
primary posts (as long as there is a name with the e-mail) BUT in 
replies, if e-mail address was inserted in the he-said line prefacing 
a quote, it's revealed in the archive! Same thing for anyone that put 
an e-mail down in their sig line.

Is there anything that can be done about this? I've been careful 
guarding this address from spam, and didn't realize there was a hole 
in this list's archive. I hope it can be adjusted as soon as 
possible!-??? I would be all for taking down the archive while 
adjusting!

Either the archive needs to strip out anything that looks like e-mail 
from the message body, or have the archive pages access protected by 
password.

(Of course, it would be a good idea for people to edit the other 
person's e-mail address out of the he-said line anyway, but that 
won't do for ensuring protection for the archive, because it will 
happen sometimes if that's the way the e-mail apps or web mail 
defaults for the quoting, and it's already happened.)

(I think spam can be cut down by guarding, I'm even planning to 
javascript any e-mail links on my web page from now on.)

Thanks,

Curry
___
use-revolution mailing list
[EMAIL PROTECTED]
http://lists.runrev.com/mailman/listinfo/use-revolution