Chuq Von Rospach wrote:
Interesting article on slashdot:
Basically, DSLreports did a test, and found that e-mail addresses posted on a web site could start seeing spam in as little as 8 hours.
I mention it for two reasons. One, since mail lists manage e-mail addresses (and archives of e-mail addresses), it is yet antother indication of just why we have to be careful about presenting and disclosing that stuff. And second, since one of the addresses presented and disclosed is that of the admin, we really need to come up with ways that allow newbies to contact an admin without easily disclosing addresses to spammers. And, unfortunately, the security problems with formmail.pl have shown THAT isn't really the answer...
Maybe not unpatched formmail, but a form for contacting a list admin can be much more secure than that; it only needs to know the list name to be able to send mail to the admin. Hard to use that for spamming.
Obscuring mail archives (possibly making them worthless as soon as the "un-obscurer" no longer functions) is IMHO not the way to go
-- Chuq Von Rospach (firstname.lastname@example.org -- http://www.chuqui.com/) Will Geek for hardware.
Very funny, Scotty. Now beam my clothes down here, will you?
Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers