On Tuesday, July 16, 2002, at 01:58 PM, Chuq Von Rospach wrote:
> One thing we're definitely doing is moving to a cloaked archive. Since we already distribute all archives out of HTTP, not FTP, we're working on a CGI that'll strip all e-mail information out of messages on the fly (among other things, like header cleanup and some trivial formatting fixes). The idea is simple -- we've finally hit the point where you can't put an e-mail address up on a public site under any circumstance safely, so we're having to move to a system where we simply don't do that.
> I think the Mailman stuff needs to think about this, also. It impacts the archiving setup and other issues, but the harvesters have hit the point where we simply can't risk disclosing that info. It creates other problems -- you can't see a posting in the archive and send email to that person with more questions (or answers), but that seems trivial compared to the problems the spammers are causing.
I've had requests from customers for this as well. I'm fairly impartial as to whether it's done when the archive is displayed or when it's generated, but they a) want public archives, and b) don't want harvest-able addresses in them. Something like [address removed] would be fine, as long as the Real Name portion was (optionally?) preserved.
Would probably also be a good idea for some private lists, to prevent more advanced harvesters (ie subscribe to list, grab all the addresses from the archives, unsubscribe - that can't be too hard to automate).
I'm unsure about whether the obscurer should scan the body and nuke addresses there too - could be a PITA for technical lists (especially those discussing email issues!), but could be valuable for lists which REALLY want to protect subscribers.
> A secondary issue here is the problem of disclosing admins and admin addresses. I know we've hashed that through once, but we've come to the (somewhat reluctant) decision to whitelist all public, non-personal email addresses. We're going to be implementing TMDA to do this, and will be switching all admin to generic addresses that filter through TMDA, as well as things like postmaster@ and the like. While I hate making users jump through hoops to get through to a real person (for those that don't know, TMDA is an overt whitelist. If you're not on the whitelist, you get mail back telling you to take some action, and until you do, the mail isn't delivered), the abuse by the spammers on admin addresses is now so bad that I'm declaring defeat and going to the whitelist.
As mentioned by Barry, SpamAssassin good.
> So what he did was open up his address book and send his message to everyone in it. And he's running one of these new e-mail clients that happily caches addresses it sees in case you want them again. So all of the addresses of people posting to the mailing lists he subscribed to were in his address book cache, so when he grabbed his address book, he grabbed all of those addresses, too.
The perils of Ease of Use. I have a crapload of people in my OS X Address Book that Mail.app's been happily storing away for a rainy day. Luckily for them, I'm not likely to be excited enough about anything to add them all to an email. :)
Bryan
-- Bryan Fullerton http://bryanfullerton.com/ Core Competence uunet.ca!gts!cspace!bryanf Samurai Consulting Inc.
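The archive cloaking discussed above (strip addresses from the address headers, keep the Real Name, optionally scrub the body too) as an added example. This is illustrative code written for this page, not Chuq's CGI or anything from Mailman; the `[address removed]` placeholder, the header list and the sample message are assumptions, and it only handles plain single-part text.

```python
import re
from email import message_from_string
from email.utils import getaddresses

PLACEHOLDER = "[address removed]"
# Headers that carry addresses in a list archive; a constructed list, not Mailman's.
ADDRESS_HEADERS = {"from", "to", "cc", "reply-to", "sender"}
# Rough address matcher for body scrubbing; deliberately broad so it also
# catches the "postmaster@" style mentions a technical list would discuss.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def cloak_header(value):
    """Replace each address in an RFC 2822 address header, keeping the display name."""
    parts = []
    for name, _addr in getaddresses([value]):
        parts.append(f"{name} {PLACEHOLDER}" if name else PLACEHOLDER)
    return ", ".join(parts)


def cloak_message(raw, scrub_body=False):
    """Return the message text with addresses removed from headers (and body if asked).

    scrub_body=True is the trade-off from the thread: it protects subscribers but
    also mangles addresses that are the subject of discussion on technical lists.
    """
    msg = message_from_string(raw)
    # Snapshot, wipe and re-add so header order is preserved in the archive view.
    items = msg.items()
    for hdr in list(msg.keys()):
        del msg[hdr]
    for hdr, value in items:
        msg[hdr] = cloak_header(value) if hdr.lower() in ADDRESS_HEADERS else value
    if scrub_body and not msg.is_multipart():
        # Assumes a 7-bit text payload, as archived list mail of the period was.
        msg.set_payload(ADDR_RE.sub(PLACEHOLDER, msg.get_payload()))
    return msg.as_string()


# Constructed sample post; the addresses are not real.
SAMPLE = (
    "From: Jane Doe <jane@example.org>\n"
    "To: list@example.org\n"
    "Subject: archive test\n"
    "\n"
    "Questions? Mail jane@example.org or postmaster@example.org.\n"
)
```

Run with `scrub_body=False` to cloak headers only, or `True` to also strip the two addresses in the body of `SAMPLE`.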