[Mailman-Developers] Preventing spam to list admins.

Mon, 27 Aug 2001 09:27:30 -0700

I have a feeling I'm opening up another can of worms for Barry, but...

Had an interesting issue with a list admin this morning. One of his user had
started getting spam, and because of various coincidences, thought it was
because our subscriber list had leaked. I did a little snooping, and found
that his address had been put on a public web page (not one of mine), and
showed him that it was likely harvested there.

At which point, the admin of the list involved wrote and asked how to get
his address off of the info page for the lists he admins. After all, if you
go to .../mailman/listinfo/listname, down at the bottom, the admin addresses
are out there for all to see (and harvest).

And -- I don't have an answer for that.

But -- it's a legitimate problem. You can't exactly hide those pages behind
a security realm. As Mailman is structured, you can't really remove them,
and there's no way to protect them.

But they need to be, because those pages are wide open, and accessible to
all the spiders, so they're going to leak into the global search engines, or
be harvested directly.

Ugh. 

This has to be fixed in 2.1, if not before. I think the answer is to hide
the e-mail addresses in some way, probably by having a mail-to-the-admin
CGI, where only the admin's NAME is accessible publically, and Mailman
handles forwarding mail to them.

In retrospect, this problem is painfully obvious to me, but personally, I'm
simply numb to having my e-mail address harvestable. But I think, in
general, it's a bad idea to put any e-mail address on a page, and I think
you can't programmatically obfuscate stuff, either (it'll be interesting to
see whether slashdot's new random-obfuscate system actually works, or
whether the harvesters will simply be able to figure out how it's obfuscated
and eat the addresses anyway... I'm not hopeful)

What do others think? Anyone got any quick ideas on how to dela with this,
and what we ought to do long term?

-- 
Chuq Von Rospach, Internet Gnome <http://www.chuqui.com>
[<chuqui@plaidworks.com> = <me@chuqui.com> = <chuq@apple.com>]
Yes, yes, I've finally finished my home page. Lucky you.

USENET is a lot better after two or three eggnogs. We shouldn't allow
anyone on the net without a bottle of brandy. (chuq von rospach, 1992)