[Mailman-Developers] Interesting study -- spam on postedaddresses...

Chuq Von Rospach chuqui@plaidworks.com
Wed, 20 Feb 2002 21:41:01 -0800

>> It's a test to find out if the agent that requested the page is human or some
>> bot of some sort.
> Assuming you can build such a test.  Good luck.

That some other programmer can't cheat on. Even gooder luck.

> If it's arbitrary, it's generated by some algorithm.  If it's generated by
> some algorithm, I just need to figure out the algorithm and I can always
> get it.

There is some validity to the "the club" mentality, of "we don't have to fix
it, we only have ot make it difficult enough to convince them to annoy
someone else". But if we assume we're building the New Defacto Standard
Listserver for the Internet here with mailman, that strategy fails, because
if we succeed, then it becomes worth their time to find the anti-Club.
Security by obscurity only works if you're really obscure, which implies
failure of the software to thrive. I'm not interested in that (and even
then, you aren't guaranteed success by being obscure).

Another way of looking at it is "I don't have to outrun the lion. I only
have to outrun you" -- but that doesn't work if the lion is infinitely
hungry and doesn't get tire.d Which defines a spambot.

I'm more and more ocnvinced the answer is simply putting admins behind a web
form, and telling site admins to publicize an emergency address (like
postmaster), and putting up a watcher on the system to set off alarms when
it breaks. 

> If you've got a database mapping arbitrary number/name/string to an email
> address, then why not just have a web form that sends mail to that address
> knowing only the arbitrary value (and never divulge the email address)?

Basically, what I'm proposing. And I'm more and more convinced it's the
right way to do this, for all that web forms are less personal than sending
email directly. I think admins have to make themselves accessible. I don't
think they have to make themselves accessible on the user's terms... Another
of those tradeoffs.

Chuq Von Rospach, Architech
chuqui@plaidworks.com -- http://www.chuqui.com/

The first rule of holes: If you are in one, stop digging.