[ale] Webcrawlers can harvest ALE Archive E-mail Addresses

Michael Hirsch mdhirsch at gmail.com
Thu Feb 10 14:22:49 EST 2005


On Thu, 10 Feb 2005 13:06:18 -0500, Jim Popovitch <jimpop at yahoo.com> wrote:
> On Thu, 2005-02-10 at 12:43 -0500, Michael Hirsch wrote:
> > My understanding is that email addresses are so easy to harvest right
> > now, that few harvesters bother trying to unobfuscate the email
> > addresses.  I suspect that even something as stupid as replacing all
> > '@'  symbols with ' AT ' in the archives would significantly reduce my
> > spam.  Doing funky stuff with hex codes might work even better.
> > Spammers know that using strange spellings and characters can fool
> > many filters.  Similarly, I bet the same tricks would fool many
> > spammers.
> 
> Michael,
> 
> This is a very common train of though.  The problem with it is that it
> requires either a single email address per user, per list; or global
> participation by all email lists, webpages, etc that may publicly expose
> your email address.  The honest truth is that nobody (save one or two
> extremists) has a separate email address for each different public site
> they interface with; and we all know that global participation in a
> common cause is impossible, especially when some businesses still profit
> from the mere existence of spam.

See, I don't think that having my email harvested is like losing my
virginity--it isn't a once in a lifetime event, aafter which you can
never go back.  90% or more of the places my email is available is on
the ALE archive.  If I could stop if from being harvested in the
future from that archive I believe that my spam would slow to a
trickle over time.

I am not saying it is a permana=ent solution to the worldwide problem
of harvesting.  I'm saying that it would be a progmatic and useful
responc=se to the particular problem that I have.
 
> Dissecting issues such archived email, and only looking at the way one
> person uses eamil, or the way one mailinglist or website archives it,
> doesn't really provide a workable and robust solution worthy of
> implementation.  In the narrow case of ALE, supposing that someone hacks
> Mailman/MhonArc to obfuscate email addresses, who is going to port those
> hacks over to the next Mailman/MhonArc release?  Who is going to analyze
> those hacks every time a security patch is release?  Who is going to
> maintain those hacks today, tomorrow, next year, next decade, as
> spammers begin to un-obfuscate them?

Those are valid questions.  And the right answer is either a)
contribute the changes back to the maintainers.  If they refuse them,
b) switch to an archiver that already supports the feature.

Michael



More information about the Ale mailing list