On Friday 22 February 2002 05:28, Dale Newfield wrote:
On Thu, 21 Feb 2002, Damien Morton wrote:
Making a private archive available to those who are list members
I haven't commented on this before, but the reason I find this solution lacking is that most mailman lists (in my experience) don't require list admin permission to join. If this is the hurdle, as a spammer I'd just create a hotmail account that I can automatically subscribe to any mailman mailing list, and then gain access to the honeypot.
I think we're really getting into wild speculation territory here. No one will bother hacking the code to automatically get new free mail accounts (this requires staying up to date with some range of mail service's cgi interface for their join function), automatically join any mailing list they find (same problem as before, coupled with having an automated way of finding lists to plunder), then going through the usual email confirmation step (ok, not hard if your mail service lets you pop mail from them).
No one is going to bother implementing and maintaining this attack while they can grep addresses straight out of Usenet, off the web and out of DNS. If at some point in the future, those sources dry up, then it might be time to rearm. If there's compeling evidence that private archives and voluntary address obfuscation methods are failing, then it's time to rearm. But let's just keep in mind that this will always be an arms race, and that at the end of the day, it's only junk mail.
John