[Mailman-Developers] Interesting study -- spam on postedaddresses...

[Jay R. Ashworth]

On Thu, Feb 21, 2002 at 09:23:51AM -0800, Chuq Von Rospach wrote:
> This hits another aspect of my design philosophy. Don't sweat making one
> part of the system more secure than the other parts.

And very well phrased.

> In this case, you hit a nail on the head. If a spammer really, really wants
> your subscribers, we can't stop him. They can simply subscribe to a list and
> harvest it as it comes across. Unless you choose to anonymize every bloody
> message -- a spammer will win if they're motivated enough, and a smart
> spammer will do so in a way you'll never find. Like setting up a hotmail
> address for each list, so you can't see that all 30 lists have the same
> address in common, and simply reading messages as they come by.
> 
> And since, inherently, you can't stop THAT, it makes no sense to make
> archives more secure than that. Any spammer smart enough to be willing to
> subscribe to a list to do their harvesting, you're going to have a very
> tough time stopping. Basically, you have to get lucky or hope they make a
> mistake or some sort.

My problem is with your characterization of that as "smart".  I don't
think that requires a whole helluva lot of brains, myself.

> Yes, I am an agent of Satan, but my duties
> are largely ceremonial.

Are you the guy who goes in the convenience store to get him
cigarettes?

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff     Baylink                             RFC 2100
The Suncoast Freenet         The Things I Think
Tampa Bay, Florida        http://baylink.pitas.com             +1 727 647 1274

   "If you don't have a dream; how're you gonna have a dream come true?"
     -- Captain Sensible, The Damned (from South Pacific's "Happy Talk")