Stroller stroller at
Wed Jan 28 17:03:52 CET 2009

On 28 Jan 2009, at 09:56, Jan Henkins wrote:
> ...
> There is another situation that I find to be a worry: In order to send
> mail to this list you have to have a registered address.
> ... but it could have been anybody else who have sent an email to the
> list. Looking in the list archives I can see that not enough is  
> being done
> to obscure sender addresses. Currently the only thing that is being  
> done
> is to replace the "@" with a "<space>at<space>". So "dorian at"
> would become "dorian at". Sweet! Armed with wget to leech  
> all the
> archives, a few text tools (grep, Perl, Python, etc) and I can build  
> up a
> list of addresses (almost 100% confirmed working addresses) that  
> could be
> used for various spamming activities. A list of active addresses is  
> worth
> money too! ;-) So what I suggest is that the list administrators  
> obfuscate
> list members' addresses even more. MailMan's Pipermail archiver can do
> this if properly set up.

Surely the traditional mailing list problem remains - subscribers to  
the list will still receive messages with the full from address  
intact. Or do you intend to obfuscate that, too? Surely a spammer can  
just subscribe to the list to obtain all our addresses?

Obfuscating email addresses on the web archive is, IMO, no substitute  
for sensible policies (greylisting, RBL, SFF?) at your incoming mail  


More information about the community mailing list