Real mail addresses in list postings and resulting **SPAM**

John Summerfield debian at herakles.homelinux.org
Fri Sep 25 11:56:15 UTC 2009


Bruno Wolff III wrote:
> On Fri, Sep 25, 2009 at 08:42:43 +0200,
>   "Juan J. Martínez" <jjm at usebox.net> wrote:
>> If the mail client uses bad practices and includes the mail address in
>> the reply quote (such as "$DATE, Jhon Doe <jhon.doe at whatever.dom>
>> wrote:", please edit it by hand and at least remove the domain part from
>> the mail address.
>>
>> Some time ago this was called "netiquette" :)
> 
> Except this practice was never widely accepted. (Because it doesn't
> actually work.)
> 
> If you want to keep your email address secret don't publish it.
> 

I've just rejoined this list after leaving it a short while ago. I 
figured I was wasting too much time in debates such as this.

First, I've described my antispam measures in an article at 
isay.js.id.au. A lot of people here could probably adapt the measures to 
their own needs. It does require that you manage your own mail service.

I think that the best all-round countermeasure is for the list-management 
software to obliterate all email addresses before sending. There's 
little likelihood of getting everyone who archives the list to do so. A 
DCMA (did I get the acronym right) action against an archive site would 
be interesting. It might, however, be the end of archives, at least in USA.

Not obfuscate, obliterate. Here's why:
http://www.google.com/search?hl=en&safe=active&num=100&c2coff=1&q=%22at*yahoo*com%22&btnG=Search&aq=f&oq=&aqi=
That gives me about 12 gigapages to look for yahoo email addresses. I 
don't even have to go to the sites, I can just pull them out of Google's 
cache. Can anyone spot an address here?
se enter me! thetometraveller *at* yahoo(dot) com. I follow!

Trust me, it's not hard to write some perl to discover quite a few 
addresses in text like that. 50-100 lines at a guess.

Obfuscation doesn't work. In fact, I reckon I could find addresses more 
quickly if they're obfuscated.

As someone already said, all one needs to harvest addresses from this 
list is to subscribe to it. You get the address of everyone who posts to it.

Do people really do that? Well, let me tell you!
I once created a website. I dreamed up a domain name - I already had a 
wildcard so it was just a matter of picking a name and configuring Apache.
It still exists, it's here:
http://portgeographe.environmentaldisasters.cds.merseine.nu/

I didn't really announce it, I just added the URL to my sig, and posted, 
as I do here, to the Debian users' list. Nothing about my new site, just 
something properly in context with an ongoing discussion.

Within the hour I had my first visitor. It wasn't you or me, it was 
(according to the log) a bot. Not one from Google or Yahoo, one from 
Microsoft, as identified by its IP address. I assume it was looking for 
warez, it never returned, and everyone knows what a hotbed of software 
traders those Debian people are.


What individuals could do, and I have thought about this, is enroll two 
addresses. Get both confirmed. Post _from_ one, say throwaway at yahoo.com, 
but never ever read it. Instead, read the one from which you never post. 
It wouldn't work well for me, I use (at least) two different email 
clients on each of several computers.


-- 

Cheers
John

-- spambait
1aaaaaaa at coco.merseine.nu  Z1aaaaaaa at coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)
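
The "obliterate, not obfuscate" countermeasure described in the message above, sketched as an added example in Python; it is not part of the original post and not code from any list-management software. The placeholder text, the header set, and the single-part text/plain assumption are choices made for this illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# "@" and "." plus the spelled-out stand-ins used to disguise an address
_AT = r"(?:\s*@\s*|\s*[(\[{<*]*\s*\bat\b\s*[)\]}>*]*\s*)"
_DOT = r"(?:\.|\s*[(\[{<*]*\s*\bdot\b\s*[)\]}>*]*\s*)"
_LOCAL = r"(?<![A-Za-z0-9._%+-])[A-Za-z0-9._%+-]+"
_LABEL = r"[A-Za-z0-9-]+"
ADDRESS = re.compile(_LOCAL + _AT + _LABEL + "(?:" + _DOT + _LABEL + ")+", re.I)

PLACEHOLDER = "[address removed]"                       # assumed replacement text
ADDRESS_HEADERS = ("From", "Sender", "Reply-To", "Cc")  # assumed header set


def obliterate(text):
    """Replace each plain or disguised address; no part of it survives.

    Deliberately greedy: "look at example.com" is removed too, since a
    false positive costs a few words and a miss leaks an address.
    """
    return ADDRESS.sub(PLACEHOLDER, text)


def scrub_message(raw):
    """Scrub headers and body of a single-part text/plain message (assumed)."""
    msg = message_from_string(raw)
    for name in ADDRESS_HEADERS:
        if msg[name] is not None:
            # Keep only the display names so readers still see who posted.
            names = [n for n, _ in getaddresses([msg[name]]) if n]
            msg.replace_header(name, ", ".join(names) or PLACEHOLDER)
    msg.set_payload(obliterate(msg.get_payload()))
    return msg.as_string()


# Constructed sample posting (example.* domains, not real subscribers)
SAMPLE = """\
From: Jane Poster <jane.poster@example.org>
Subject: Re: addresses in postings

On Fri, A. Nother <a.nother at example.net> wrote:
> mail me: some.one *at* example(dot) com. Thanks!
"""

if __name__ == "__main__":
    print(scrub_message(SAMPLE))
```

Because the same pattern that recognises a disguised address is what removes it, the archive copy keeps the poster's name and the attribution line but nothing that can be turned back into a deliverable address.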



