Ceki G�lc� <[EMAIL PROTECTED]> wrote:
Your comments are welcome.
If you pick 10 people and ask them, you come up with at least 20 solutions for spam and 100 ideas.
I think email obfuscation is just as useless yet appealing as security thru obscurity if the amount of email obfuscated is high enough (and apache produces tons of it). We can pick n random obfucation methods, but this will make the job just n times harder and I don't think we can come up with more than, say, 20 meaningful obfuscation methods.
A little obfuscation goes a long way. Look at our subscription mechanism to mailing lists. It is trivially easy to defeat, but as far as I know no one has yet subscribed to one of our lists to spam us. Following through with this logic, we should either abandon mailing lists altogether because they can be defeated or accept that address obfuscation can help to reduce spam.
Another idea is to remove the From: header entirely. This way, you don't know who sent the email, nor spammers can. But this will totally destroy the mail list ecosystem.
Your proposal of using bogus address looks appealing at first, but it potentially makes the problem even worse: it might be a worm sending you that message, pretending to be me.
Net result: Ceki is now (involuntarely) spamming Stefano.
Note that if this method was institutionalized, you need rebouncing prevention (my bogus address spamming your bogus address and ping-pong forever).
Infinite loop prevention is already built in the script I sent to list.
I am strongly against any system that bounces email and my 300 spam/bounces messages a day prove why [ and I can't estimate how many don't even reach my inbox due to @apache.org prefiltering ]
The procmail script I sent can be used without the collaboration of list moderators let alone apmail.
-- Stefano.
-- Ceki G�lc�
For log4j documentation consider "The complete log4j manual"
ISBN: 2970036908 http://www.qos.ch/shop/products/clm_t.jsp
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
