[Mailman-Developers] Proposed: remove address-obfuscation code fromMailman 3

Bob Puff bob at nleaudio.com
Tue Aug 25 18:48:56 CEST 2009

You are presuming too much on spammers as a whole.  I've dealt with a couple
spammers, and they just used some tools they got online that search for
username at domain.something.  Everything else is ignored.

I don't for a minute doubt that the advanced spammers will snag anything and
everything no matter how strange it is obfusticated (sp?).  But there are a
LOT of low-tech spammers still out there, and there is enough "low hanging
fruit" for them that this little bit we are discussing can be over their head.


---------- Original Message -----------
From: skip at pobox.com
To: Ian Eiloart <iane at sussex.ac.uk>
Cc: mailman-developers at python.org, Rich Kulawiec <rsk at gsp.org>
Sent: Tue, 25 Aug 2009 06:42:12 -0500
Subject: Re: [Mailman-Developers] Proposed: remove address-obfuscation code
fromMailman 3

> Ian> Quite right. Rich's argument is, essentially, that obfuscation
>     Ian> isn't 100% effective so it shouldn't be used. Frankly, if 
> it's 10%    Ian> effective, then it's worth doing in my view.
> I would be quite surprised if address obfuscation is anywhere close 
> to 10% effective.  Maybe 0.01%.
> The problem I see with Barry's argument that users demand it so 
> Mailman must provide it is that position just propagates 
> misinformation about the ineffectiveness of the "feature".  I would 
> vote for tossing it out, or at the very least making it a per-list 
> flag which admins could disable if they wanted.
> The other thing about Mailman's obfuscation is that I sorta think 
> that by now the spammers have figured it out.  I mean, "skip at 
> pobox.com"?  Come on.  Even Barry stands a good chance of writing a 
> regular expression that can locate something like that, his self-
> deprecation about his r.e. prowess notwithstanding.  :-) If nothing 
> else, all an enterprising spammer would have to do is steal 
> Mailman's email address matcher and replace "@" with " at ".  Oh,
>  wait, it's open source.  They wouldn't even have to steal the code.
> -- 
> Skip Montanaro - skip at pobox.com - http://www.smontanaro.net/
>     Getting old sucks, but it beats dying young
> _______________________________________________
> Mailman-Developers mailing list
> Mailman-Developers at python.org
> http://mail.python.org/mailman/listinfo/mailman-developers
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Searchable Archives:
> Unsubscribe:
> Security Policy: http://wiki.list.org/x/QIA9
------- End of Original Message -------

More information about the Mailman-Developers mailing list