[Mailman-Developers] Proposed: remove address-obfuscation code fromMailman 3
bob at nleaudio.com
Tue Aug 25 18:48:56 CEST 2009
You are presuming too much on spammers as a whole. I've dealt with a couple
spammers, and they just used some tools they got online that search for
username at domain.something. Everything else is ignored.
I don't for a minute doubt that the advanced spammers will snag anything and
everything no matter how strange it is obfusticated (sp?). But there are a
LOT of low-tech spammers still out there, and there is enough "low hanging
fruit" for them that this little bit we are discussing can be over their head.
---------- Original Message -----------
From: skip at pobox.com
To: Ian Eiloart <iane at sussex.ac.uk>
Cc: mailman-developers at python.org, Rich Kulawiec <rsk at gsp.org>
Sent: Tue, 25 Aug 2009 06:42:12 -0500
Subject: Re: [Mailman-Developers] Proposed: remove address-obfuscation code
> Ian> Quite right. Rich's argument is, essentially, that obfuscation
> Ian> isn't 100% effective so it shouldn't be used. Frankly, if
> it's 10% Ian> effective, then it's worth doing in my view.
> I would be quite surprised if address obfuscation is anywhere close
> to 10% effective. Maybe 0.01%.
> The problem I see with Barry's argument that users demand it so
> Mailman must provide it is that position just propagates
> misinformation about the ineffectiveness of the "feature". I would
> vote for tossing it out, or at the very least making it a per-list
> flag which admins could disable if they wanted.
> The other thing about Mailman's obfuscation is that I sorta think
> that by now the spammers have figured it out. I mean, "skip at
> pobox.com"? Come on. Even Barry stands a good chance of writing a
> regular expression that can locate something like that, his self-
> deprecation about his r.e. prowess notwithstanding. :-) If nothing
> else, all an enterprising spammer would have to do is steal
> Mailman's email address matcher and replace "@" with " at ". Oh,
> wait, it's open source. They wouldn't even have to steal the code.
> Skip Montanaro - skip at pobox.com - http://www.smontanaro.net/
> Getting old sucks, but it beats dying young
> Mailman-Developers mailing list
> Mailman-Developers at python.org
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Searchable Archives:
> Security Policy: http://wiki.list.org/x/QIA9
------- End of Original Message -------
More information about the Mailman-Developers