[Mailman-Developers] Interesting study -- spam on posted addresses...
Thu, 21 Feb 2002 13:32:44 -0500
Interestingly enough, the first place I ever saw the reverse Turing test
in use was in the signup for a Yahoo account.
"This step helps Yahoo! prevent automated registrations."
The objective should be to raise the cost of harvesting. As you say, it
can't be prevented, but forcing a human into the loop can raise the cost
> -----Original Message-----
> From: firstname.lastname@example.org
> [mailto:email@example.com] On Behalf Of
> Chuq Von Rospach
> Sent: Thursday, 21 February 2002 12:24
> To: Dale Newfield; firstname.lastname@example.org
> Subject: Re: [Mailman-Developers] Interesting study -- spam
> On 2/21/02 8:28 AM, "Dale Newfield" <email@example.com> wrote:
> > On Thu, 21 Feb 2002, Damien Morton wrote:
> >> Making a private archive available to those who are list members
> > I haven't commented on this before, but the reason I find this
> > solution lacking is that most mailman lists (in my experience) don't
> > require list admin permission to join. If this is the hurdle, as a
> > spammer I'd just create a hotmail account that I can automatically
> > subscribe to any mailman mailing list, and then gain access to the
> > honeypot.
> This hits another aspect of my design philosophy. Don't sweat
> making one part of the system more secure than the other parts.
> In this case, you hit a nail on the head. If a spammer
> really, really wants your subscribers, we can't stop him.
> They can simply subscribe to a list and harvest it as it
> comes across. Unless you choose to anonymize every bloody
> message -- a spammer will win if they're motivated enough,
> and a smart spammer will do so in a way you'll never find.
> Like setting up a hotmail address for each list, so you can't
> see that all 30 lists have the same address in common, and
> simply reading messages as they come by.
> And since, inherently, you can't stop THAT, it makes no sense
> to make archives more secure than that. Any spammer smart
> enough to be willing to subscribe to a list to do their
> harvesting, you're going to have a very tough time stopping.
> Basically, you have to get lucky or hope they make a mistake
> of some sort.
> So since you can't make the subscription process more secure
> than that -- why try to make the archives more secure than
> the subscription process? It's extra work for no real gain,
> because any spammer with a clue will go through the patio
> door in the backyard instead of the front door with the three
> deadlocks and the security gate...
> Chuq Von Rospach, Architech
> firstname.lastname@example.org -- http://www.chuqui.com/
> Yes, I am an agent of Satan, but my duties
> are largely ceremonial.
> Mailman-Developers mailing list
> http://mail.python.org/mailman/listinfo/mailman-developers