[Mailman-Users] Users worried about spammers getting their email address

Chuq Von Rospach chuqui at plaidworks.com
Wed Aug 27 03:34:13 CEST 2003

On Tuesday, August 26, 2003, at 04:51  PM, Heath Raftery wrote:

> I have a user who is on a campaign to remove his email address from 
> any web site.

good for him. he's figured it out...

> However, I did point out that the archives are still downloadable in 
> raw mbox format, complete with email addresses.

If you can get to an e-mail address in any format without a password, 
so can a spambot, and they will. and do.

>> I suspect that before long they  will parse not just @ but also
>> resolve 'at' with any combination of  spaces either side.

slashdot has already proven that any attempt to obfuscate e-mail 
addresses programmatically can/will be de-obfuscated by the spammers 
once its worth their time. Remember, they don't have to de-program all 
of your obfuscations. they're patient. They can wait until they get 
your e-mail address re-arranged in a way they do understand how to 

> A good example of this that comes to my mind, is the way eBay handles 
> communication between bidder and seller. Any ideas about the 
> possibility of something like this in Mailman?

I think we're headed in that direction, for better and worse. I also 
think we're headed towards other changes in e-mail to allow users to 
control how their address is used. the best (IMHO) way to handle this 
is some form of addressing that allows a user's address to be usable 
for, say, a week. After that, if you attempt to use the address, you 
drop into challenge/response/whitelisting. Having a list server take 
responsibility for forwarding email is also likely useful, but it 
creates problems for sites where they don't control the entire domain 
-- you're effectively requiring the list server to live on a sub-domain 
and own all email to that sub-domain to do that properly.

I am (slowly, slowly) working on a new archiving scheme that won't 
disclose sensitive user data. Until that happens, my archives are 
locked behind security realms. That doesn't protect them completely, 
but the spambots don't seem to need to break that lock yet, not when so 
many other lists are available in google...

More information about the Mailman-Users mailing list