[ale] Webcrawlers can harvest ALE Archive E-mail Addresses

Jim Popovitch jimpop at yahoo.com
Thu Feb 10 13:11:35 EST 2005


On Thu, 2005-02-10 at 12:43 -0500, Michael Hirsch wrote:
> My understanding is that email addresses are so easy to harvest right
> now, that few harvesters bother trying to unobfuscate the email
> addresses.  I suspect that even something as stupid as replacing all
> '@'  symbols with ' AT ' in the archives would significantly reduce my
> spam.  Doing funky stuff with hex codes might work even better.   
> Spammers know that using strange spellings and characters can fool
> many filters.  Similarly, I bet the same tricks would fool many
> spammers.

Michael,

This is a very common train of though.  The problem with it is that it
requires either a single email address per user, per list; or global
participation by all email lists, webpages, etc that may publicly expose
your email address.  The honest truth is that nobody (save one or two
extremists) has a separate email address for each different public site
they interface with; and we all know that global participation in a
common cause is impossible, especially when some businesses still profit
from the mere existence of spam.

Dissecting issues such archived email, and only looking at the way one
person uses eamil, or the way one mailinglist or website archives it,
doesn't really provide a workable and robust solution worthy of
implementation.  In the narrow case of ALE, supposing that someone hacks
Mailman/MhonArc to obfuscate email addresses, who is going to port those
hacks over to the next Mailman/MhonArc release?  Who is going to analyze
those hacks every time a security patch is release?  Who is going to
maintain those hacks today, tomorrow, next year, next decade, as
spammers begin to un-obfuscate them? 

-Jim P. 





More information about the Ale mailing list