[Mailman-Developers] Interesting study -- spam on postedaddresses...

John Morton jwm@plain.co.nz
Thu, 21 Feb 2002 17:55:23 +1300

On Thursday 21 February 2002 17:15, Dale Newfield wrote:
> On Wed, 20 Feb 2002, Damien Morton wrote:

> > Web Forms for contacting the admin cold. If the admin replies, you can
> > continue the conversation via email.
> Right, assuming the web form doesn't break.

Monitor the form. Your monitoring tools should be telling you when bits of 
your site break before users have a need to report the problem.

> > Private and Public views of the archives.
> >
> > Private archives are restricted to list members and those that can pass
> > a reverse turing test.
> People keep using this term, but I'm not sure what they mean, or if I
> trust that they'd be so reliable...

It's a test to find out if the agent that requested the page is human or some 
bot of some sort. In order to progress past the form you have to enter 
something into the box as a reply to some text in the form. If the question 
and answer can be arbitary on a site by site, or better, hit by hit basis, 
then it becomes infeasible to build a spambot to enter such sites.

> > Public archives render all email addresses as jpegs.
> If they're automatically generated, it'd be easier to create pngs or gifs,
> or lots of other formats than jpgs.  Think about this, though--how do you
> actually generate the images and serve them properly without either
> including the email address in the html code anyway (so the img request
> specifies what image to generate), or building a whole database mapping
> arbitrary numbers to email addresses (so they can either be generated on
> the fly or stored pre-generated). 

I'd pregenrate them, give them an arbitary name and store a dictionary 
mapping email addresses to the image for page building purposes.

> Once you've got that database, why not
> just have that database front a web form instead of displaying the
> address?

I'm not sure what you mean by this. Can you explain?

(Not that I think image addreses are a good idea for all the reasons you 
mentioned earlier. I'd prefer a slashdot style per user 'display address'
option. It can be obfuscated by default, but it allows the user to restore 
there actual address, or render it unrecognizable depending on there personal 
spam tolerance threshold.)