Ceki G�lc� <[EMAIL PROTECTED]> wrote:
Your comments are welcome.
If you pick 10 people and ask them, you come up with at least 20 solutions for spam and 100 ideas.
I think email obfuscation is just as useless yet appealing as security thru obscurity if the amount of email obfuscated is high enough (and apache produces tons of it). We can pick n random obfucation methods, but this will make the job just n times harder and I don't think we can come up with more than, say, 20 meaningful obfuscation methods.
Another idea is to remove the From: header entirely. This way, you don't know who sent the email, nor spammers can. But this will totally destroy the mail list ecosystem.
Your proposal of using bogus address looks appealing at first, but it potentially makes the problem even worse: it might be a worm sending you that message, pretending to be me.
Net result: Ceki is now (involuntarely) spamming Stefano.
Note that if this method was institutionalized, you need rebouncing prevention (my bogus address spamming your bogus address and ping-pong forever).
I am strongly against any system that bounces email and my 300 spam/bounces messages a day prove why [ and I can't estimate how many don't even reach my inbox due to @apache.org prefiltering ]
-- Stefano.
smime.p7s
Description: S/MIME Cryptographic Signature
