[Mailman-Developers] Interesting study -- spam on posted addresses...

Damien Morton dm-temp-310102@nyc.rr.com
Fri, 22 Feb 2002 09:16:20 -0500


> From: Stephen J. Turnbull
> 
> First, since addresses are typically repeated but obfuscated 
> in different ways, the probability that a given address gets 
> harvested is much higher than the probability that any given 
> obfuscated instance gets cracked.  Second, you don't need to 
> get 100% recognition, you don't even need to get 10% 
> recognition, as long as you can process the bytes as fast as 
> they come off the wire _and_ the number of harvested new 
> addresses per megabyte is high enough.
>
> <snip>
> 
> I conclude that if obfuscated archives give a reasonable 
> number of addresses per megabyte, and those addresses are 
> drawn from a population that is not represented in other 
> sources, spammers _will_ find cheap and dirty ways to achieve 
> recognition, and then they will compete to improve it.
> 
> People have seriously advocated obfuscation, especially images.

So obfuscation is imperfect, and the more effective it is, the more
value there is in cracking it.

Would you say, then, that you're advocating public and private list
archives, with email addresses omitted from the public archives, and the
private archives available to list members only?

I'm not clear on what your position is.

A while ago, I laid out the decision/position tree, as I saw it. Only
one person has clearly located their position in/on that tree, so I
repeat it again.

I'm very interested to see where list members might locate their position
in this decision tree. Please feel free to alter the tree, should your
position not be included.

Is it desirable to prevent the whole world seeing email addresses in
mailman archives? 
If yes then
	should there be public and private archives, with the public archive protecting addresses?
	if yes
		how should the access to the private archives be controlled?
			list membership? (damien)
			reverse Turing tests? (damien)
			other?
		what should go into the public archives?
			obfuscated email?
				email as images? (damien)
				text based obfuscation?
			links to web form email? (damien)
			omit email addresses entirely?
			other?
	else if no
		should an address protection scheme be used at all?
		if yes
			what protection scheme(s) should be used?
				obscured email?
					email as images?
					text based obfuscation?
				links to web form email? (dale)
				omit email addresses entirely? (dale)
				other?
		else if no
			talking in circles
else if no
	end of conversation