Hello Januk, On Monday, March 8, 2004 at 6:55:00 PM you [JA] wrote (at least in part):
>> So? What the problem with that? That's exactly the same situation as >> with www.mail-archive.com, where our messages are currently >> archived. JA> But mail-archive.com completely obliterates any string that has even a JA> remote chance of being an address. Except senders address. Before you start crying "But after 'From:' there only is the name and no address ...": have a look at an arbitrary message archived there. Look into HTML sources. Look at the very bottom. Search for something like this: ,----- [ ] | <FORM METHOD="POST" ACTION="/cgi-bin/Nomailto.pl"> | <INPUT TYPE="HIDDEN" NAME="user" VALUE="something"> | <INPUT TYPE="HIDDEN" NAME="host" VALUE="some.other.thing.com"> | <INPUT TYPE="HIDDEN" NAME="subject" VALUE="Whatever the subject was"> | <INPUT TYPE="HIDDEN" NAME="msgid" VALUE="[EMAIL PROTECTED]"> | Reply via email to<br> | | <INPUT TYPE="SUBMIT" VALUE=" Senders name "> | </FORM> `----- Now, as you're a reg-exp developer yourself, try to estimate the time it needs to write a regular expression that extracts 'something' and 'some.other.thing.com' together with 'Senders name' and this way build a nice, huge spammable addresses database. And this is more secure than TMDA-GMane address encryption? DW>>> I'm also not satisfied with "pretty well spam-safe" (especially DW>>> when it was "zero spam risks" only a few days ago) so I won't be DW>>> posting. Yes, I know that nothing is spam-safe - but this is DW>>> where my line is drawn. JA> Sadly, I think I'll have to agree with that. I know a way to make your address 'zero spam risk' leveled: don't use it. Else there'll be /NO/, I repeat: no! way to keep spam risk at zero. But the TMDA technique used on GMane is closest to this zero you can currently achieve. >> Sometimes it seems that people just have to hear the term "USENET" >> and they run screaming for their supply of garlic, holy water and a >> wooden crucifix. JA> They are two very different beasts. If I was willing to post to a JA> newsgroup, I would be using a munged address. But with TB*-groups being readable on GMane you still don't post to a newsgroup. It's only content made available on a different medium, with sensitive information (e-mail-addresses) being effectively protected. I for myself venture to say: better protected than on mail-archive.com. >> Addresses are encrypted in quoted bodies as well as in headers. It's >> safe. We wouldn't be making this move otherwise. JA> Encrypted or obliterated? Encrypted. So it is made sure the author /can/ be contacted, without increasing the risk of spam sent to the author. obliterated addresses make it impossible to the archive reader to contact the author weeks, month or even years later if the answer was not clear enough for this particular reader. GManes TMDA-encrypted addresses keep this gate of communication opened. And to be honest: we're dealing with a MUA on this lists, we're using mailing lists to do this. What we do is /ALL/ about communication. >> Of course, nothing is guaranteed in life (except death and taxes). I'm not yet completely sure about death ... :-) JA> What is to stop them from using a bot to decrypt the addresses? The effort necessary to "decrypt" this "kind of one way encryption". The same that stops most hackers from "decrypting" Unix password files and other related stuff. -- Regards Peter Palmreuther (The Bat! v2.04.4 on Windows XP 5.1 Build 2600 Service Pack 1) Few things work up an appetite like good, wholesome, sadomasochistic sex. ________________________________________________________ Current beta is (none) | 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html IMPORTANT: To register as a Beta tester, use this link first - http://www.ritlabs.com/en/partners/testers/
