Kevin Brosius on 16 Oct 2003 19:51:02 -0400


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] OT: Spam


gr wrote:
> On Thu, Oct 16, 2003 at 08:13:23AM -0400, Kevin Brosius wrote:
> > One study suggested that munging cut ~80% of spam on new email
> > addresses. I'll see if I can locate a reference.
> 
> Please do, because I'd like to read it.
> 

http://www.cdt.org/speech/spam/030319spamreport.shtml is the one I found
most interesting.  Six month study.  Properly munged addresses posted on
web sites received no spam.  Of course, these may be the examples that
were used to generate the PERL code you mention below.

> For the record, I object to munging mostly on principal. Here are
> my reasons, in order of importance (to me):
> 
> 1. The idea that we would break our historical record in fear of
> petty abusers of the Internet is offensive. Spammers won't stop
> spamming because they don't get your address, they probably won't
> even stop spamming you (because there are plenty of other channels
> for them to get your address). They will stop spamming precisely
> when it becomes financially contraindicated. So filter their mail.
> Get you friends and family who don't know better reading mail
> through your mail server, and filter it for them too. And support
> GOOD (and there's plenty of bad been proposed, so watch out)
> legislation to make the process illegal without informed consent.
> 

Well, I'm somewhat more flexible.  I think munging should remain human
readable.  I like how MARC does it.  They're one of the biggest mail
archives.  I respect their opinion.

Filtering is great... more power to you.

> 2. It really does break the historical record. PGP signatures don't
> work (they don't anyway in the Mailman web interface, but they still
> do in the mbox versions). And keeping the real email addresses
> acessible really is necessary even outside of that. Twenty years
> from know, the PLUG mail archive will probably still be around
> somewhere, though many of us may not still be on the mailing list.
> A lot of very good information goes through PLUG all the time. It'd
> be a disservice to the future to make it difficult for someone down
> the line to follow up on something mentioned here.
> 

Well, I think you'll find most of those email addresses aren't valid in
20 years.  For two or three reasons I can name off the top of my head...

PGP... Well, I don't personally use it.  If you get email from me, that
is questionable in content and would pose you serious financial risk, or
other damage... I'd expect you to call me on a phone before acting on
it.

> 3. Email address munging doesn't work anyway. It *might* make the
> exponential curve of the amount of spam you're going to receive rise
> a little bit more slowly. But it won't stop that rise. Only proper
> spam filtering will stop that rise. The suggesting that email
> munging stops spam is a red herring that I really wish smart people
> would quit supporting already.
> 

Well, sounds like opinion to me.  I won't debate who the smart people
here are with you. :)

> > The general consensus seems to be that email harvestors aren't bothering
> > to de-munge addresses (yet). Whether that will continue or not is
> > anyone's guess.
> 
> I know that's untrue, because I've seen the Perl code to do it. In
> point of fact, I think it's in CPAN. Yeah. Boo!
> 

Bummer.  Your turn to post a link.  Plus, your knowing it's true doesn't
prove to me that spammers are using it.  It's a short leap, I admit.

More importantly, each person can munge their address however they
like.  As can each archive site.  Gives the harvesters something to keep
them up at night, trying to harvest better.

> > I posted this same comment here about 2-3 years ago after I had changed
> > jobs, received a new email address at work, subscribed to plug, and
> > started receiving a lot of spam shortly thereafter. I might have blamed
> > it on friends with infected windows PC's outside the company, but I
> > don't have many of them :)
> 
> Blaming anyone but the spammers for sending you spam is migrating
> blame unfairly. Blaming anyone but yourself (or your ISP, in the
> case that you're doing IMAP or POP across a dialup) for actually
> receiving that spam is also placing blame unfairly. Filter your
> email. It's really just not that hard, and it's a reality we need to
> all just shut the hell up and accept.
> 

Hmm, I suppose you don't lock your doors either?

But seriously.  Maybe I shouldn't have said 'blame'.  But that's not the
real point here.  I'll make every attempt to break the chain of my email
getting into other's databases easily.  Easily crawl-able web archives
are just to simple a target.  I don't buy the argument that all the
addresses have to be shown verbatim.  I think simple munging will
prevent a good deal of harvesting.  And I've got one study, fairly
recent even, that backs me up.  Let's see some evidence on your side.

-- 
Kevin
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug