On Wed, Aug 26, 2009 at 10:57:06AM +0100, Ian Eiloart wrote:
There's recently published research which suggests that simple
obfuscation can be effective. Concealment, presumably, is more effective.
At http://www.ceas.cc/ you can download Spamology: A Study of Spam
Origins
On Tue, Aug 25, 2009 at 06:39:29AM -0400, Barry Warsaw wrote:
So you can explain why, in theory and in practice, obfuscation doesn't
work. But the user base will (stubbornly, if you like) refuse to
accept your logic.
As usual, Stephen hits the nail on the head.
I can't disagree with much
On Mon, Jun 07, 2010 at 02:28:22PM -0400, Barry Warsaw wrote:
We can try to make it more difficult to harvest email address from mailing
list archives and posts, but some of that is fairly difficult without
disrupting the usability of the mailing list.
Agreed, and as I pointed out last year,
On Sun, Jun 06, 2010 at 04:29:14PM -0400, Crist?bal Palmer wrote:
The ability to use reCAPTCHA or other CAPTCHA systems as part of the
web signup would also significantly reduce spammy signups, so if we
could have MM3 ship with a CAPTCHA system and/or support for a class
of CAPTCHA systems in
On Mon, Feb 29, 2016 at 05:41:27AM -0800, Terri Oda wrote:
> The tweet linked talks about moving a discussion from a mailing list
> to a bug tracker.
An easy way to do that (while leaving the mailing list discussion intact
and not requiring that people have accounts on the bug tracking site
in
On Sat, Mar 05, 2016 at 04:27:31PM +0530, Aditya Divekar wrote:
> I was looking around the mailman code, and could not find the functionality
> for captcha in the mailing lists subscription pages.
As someone who has been studying email abuse for 30+ years, I strongly
recommend against captchas
On Wed, Mar 15, 2017 at 11:31:44PM -0500, J.B. Nicholson wrote:
> I understand there are more insecure devices on the Internet all the time
> and that's unfortunate, but I don't think it's avoidable. What do you
> suggest we do about this using Mailman (since this is Mailman-developers)?
I
On Fri, Mar 17, 2017 at 09:54:48AM +1100, Morgan Reed wrote:
> I'd submit that this is tantamount to saying "it's impossible to make a
> 100% secure system so why bother even trying".
Then you're not grasping my point. Let me try again.
I suggest that you re-read what I've written *and*
On Thu, Mar 16, 2017 at 08:10:03PM +0100, Norbert Bollow wrote:
> Even if not every device is secure, the difficulty, and likely cost,
> for an attacker to snoop on the communications is much greater for an
> encrypted mailing list is than for a non-encrypted one.
The difficulty is greater -- but
On Thu, Mar 16, 2017 at 05:30:36PM -0400, Barry Warsaw wrote:
> On Mar 15, 2017, at 09:47 PM, Rich Kulawiec wrote:
>
> >What all of this means is that once a list passes N members, where
> >we can debate about N, the probability that at least one of those
> >members has
All of these proposals overlook significant known, current threats --
none of which they're capable of addressing, but some of which badly
undercut the suggested approaches.
To list just one of those -- albeit a rather prominent one -- the
Internet's population of hijacked systems (aka bots or
On Tue, Mar 21, 2017 at 04:04:20PM +0100, johny wrote:
> Shifting the attacker to actively compromise devices is an overall
> improvement.
If "compromising devices" was difficult, I might agree. But it's not.
Devices of all descriptions have been and are being compromised in
enormous numbers on
On Sun, Mar 19, 2017 at 07:33:24AM -0400, Richard Damon wrote:
> I would say that the problem that is being attempted to solve is
> fundamentally impossible to do perfectly. It is impossible to distribute
> messages in a secure manner to a number of recipients that you don't have
> total control
On Sun, Mar 19, 2017 at 06:14:22PM +0100, Norbert Bollow wrote:
> That is true, if the attacker already knows whose communications they
> want to snoop on. However one of the main benefit of using encrypted
> communications is in the area of making it much more expensive and
> politically risky
14 matches
Mail list logo