Doesn't this link run contrary to the "obscure_addresses" Option?
Even if I have the obscure_addresses Option set to YES, the e-mail addresses of public archives can be still harvested by various robots out there.
later, Mentor
"MC" == Mentor Cana mentor@alb-net.com writes:
MC> Doesn't this link run contrary to the "obscure_addresses"
MC> Option?
Yup, but so does the old downloadable archive link, so I don't think this change /increases/ the spam harvesting potential.
MC> Even if I have the obscure_addresses Option set to YES, the
MC> e-mail addresses of public archives can be still harvested by
MC> various robots out there.
I'm not sure what to do about it. The links are useful and since the files are intended to be MUA-ready, munging the addresses is inconvenient. I guess if the list admin is really worried about harvesting, she'll make the archives private and force access through the authentication page.
Not a great position to take, I admit.
-Barry
On 2000.10.05, in 14812.57073.817910.35800@anthem.concentric.net, "Barry A. Warsaw" bwarsaw@beopen.com wrote:
I'm not sure what to do about it. The links are useful and since the files are intended to be MUA-ready, munging the addresses is inconvenient. I guess if the list admin is really worried about harvesting, she'll make the archives private and force access through the authentication page.
Not a great position to take, I admit.
I think it's a fine position to take, as long as there's a way for the concerned administrator to block access. I'm disappointed when I can't obtain virginal mbox archives of a list, and authenticating access is a perfectly good solution to the harvester problem.
Maybe, as a compromise, the text and mbox links should be authenticated even when the archives are private?
Yup, but so does the old downloadable archive link, so I don't think this change /increases/ the spam harvesting potential.
MC> Even if I have the obscure_addresses Option set to YES, the MC> e-mail addresses of public archives can be still harvested by MC> various robots out there.I'm not sure what to do about it.
I'm putting all of my archives, search engine, etc, behind a security realm. They'll have to know where to find the acct/password, and type it in.
That shuts out all of the automated harvesters. If someone wants to manually come in try to harvest, you need to depend on being able to recognize it happening and deal with it on a case by case basis, but then, if you have an individual harvesting, they can always quietly subscribe to the lists and harvest the e-mail stream you deliver to them, -- and you'll never know it's happening.
so I don't worry about the manual harvester. First, it rarely happens. Second, if they have a clue you'll never catch them. Third, few have a clue and they're easy to find. And fourth, that kind of person is very rare. I'm worried about (a) keeping email addresses out of the global search engines where most harvesting happens, and (b) closing out the automated spider harvesters that do 99% of the rest of the harvesting.
and if you think about it, you can't find, much less stop, a harvester that subscribes to lists and sucks e-mail off the list server, so that's the most secure you can make a mail list. It makes no sense to try to make your archives MORE secure than you can make the list itself. So I focus on dealing wtih indiviual harvesters by alarms on suspicious activity in the archives, and let passwords lock out the bots, and that, to me, is about as good as you can expect, because it's as secure as your list itself is.
participants (4)
-
bwarsaw@beopen.com -
Chuq Von Rospach -
David Champion -
Mentor Cana