[Mailman-Developers] Interesting study -- spam on postedaddresses...

[Chuq Von Rospach]

On 2/18/02 11:58 AM, "Damien Morton" <dm-temp-310102@nyc.rr.com> wrote:

> I would suggest that a na=EFve/novice net user will be more familiar with
> web-based forms and web-based email than the email we know.

I did ten years of tech support.. Wanna bet?

You could, actually, be right. But making assumptions is a great way to
screw it up. Thought, design and testing are the keys, not guessing.

> The first is to enable users to engage list admins and have their
> problems sorted out, while discouraging or eliminating spam being sent
> to list admins. For this functionality, a web-based email form can be
> created. If you don=92t know the admins email address, you use the form to
> initiate your conversation.

Some form of obfuscating the email address is needed. But here's the
problem. If you use a web-based form to send email to the admin, how do you
email the admin to say "did you know your site is broken and none of your
pages are working?"

If the form breaks, how do you contact the admin through the form?

That's sort of a worst-case scenario -- but it's also a rather practical
one. It happens. So at some point, you need some kind of mailto. But once
you do -- it opens you up for spam.

Finding the tradeoffs here is the fun part.

> The second issue is to prevent the email addresses of list members from
> being harvested from the archives.

Short answer; archives go behind a password. You authenticate access. Don't
go over-fancy with images and scan/replace stuff. Right now, I have a
hardwired password. Once 2.1 hits beta, I plan on working towards a solutio=
n
that authenticates in apache to a mailman-subscribed address. I simply
haven't had time yet.


--=20
Chuq Von Rospach (chuqui@plaidworks.com -- http://www.chuqui.com/)
Will Geek for hardware.

Very funny, Scotty. Now beam my clothes down here, will you?