[Mailman-Developers] Interesting study -- spam on posted addresses...

Magnus Stenman stone@hkust.se
Mon, 18 Feb 2002 11:48:28 +0100

Chuq Von Rospach wrote:
> Interesting article on slashdot:
> <http://slashdot.org/article.pl?sid=02/02/17/2031249>
> Basically, DSLreports did a test, and found that e-mail addresses posted on
> a web site could start seeing spam in as little as 8 hours.
> I mention it for two reasons. One, since mail lists manage e-mail addresses
> (and archives of e-mail addresses), it is yet antother indication  of just
> why we have to be careful about presenting and disclosing that stuff. And
> second, since one of the addresses presented and disclosed is that of the
> admin, we really need to come up with ways that allow newbies to contact an
> admin without easily disclosing addresses to spammers. And, unfortunately,
> the security problems with formmail.pl have shown THAT isn't really the
> answer...

Maybe not unpatched formmail, but a form for contacting a list admin
can be much more secure than that; it only needs to know the list name
to be able to send mail to the admin.  Hard to use that for spamming.

Obscuring mail archives (possibly making them worthless as soon as the
"un-obscurer" no longer functions) is IMHO not the way to go


> Chuq
> --
> Chuq Von Rospach (chuqui@plaidworks.com -- http://www.chuqui.com/)
> Will Geek for hardware.
> Very funny, Scotty. Now beam my clothes down here, will you?
> _______________________________________________
> Mailman-Developers mailing list
> Mailman-Developers@python.org
> http://mail.python.org/mailman/listinfo/mailman-developers