stroller at stellar.eclipse.co.uk
Wed Jan 28 17:03:52 CET 2009
On 28 Jan 2009, at 09:56, Jan Henkins wrote:
> There is another situation that I find to be a worry: In order to send
> mail to this list you have to have a registered address.
> ... but it could have been anybody else who have sent an email to the
> list. Looking in the list archives I can see that not enough is
> being done
> to obscure sender addresses. Currently the only thing that is being
> is to replace the "@" with a "<space>at<space>". So "dorian at grey.com"
> would become "dorian at grey.com". Sweet! Armed with wget to leech
> all the
> archives, a few text tools (grep, Perl, Python, etc) and I can build
> up a
> list of addresses (almost 100% confirmed working addresses) that
> could be
> used for various spamming activities. A list of active addresses is
> money too! ;-) So what I suggest is that the list administrators
> list members' addresses even more. MailMan's Pipermail archiver can do
> this if properly set up.
Surely the traditional mailing list problem remains - subscribers to
the list will still receive messages with the full from address
intact. Or do you intend to obfuscate that, too? Surely a spammer can
just subscribe to the list to obtain all our addresses?
Obfuscating email addresses on the web archive is, IMO, no substitute
for sensible policies (greylisting, RBL, SFF?) at your incoming mail
More information about the community