Hello, On Wed, January 28, 2009 01:59, roguem...@roguewrt.org wrote:
> This should especially be done by mailing list servers and more so in > openmoko's case as the contact with openmoko personnel and developers is > pretty crucial. > > Preventing your own people from being impersonated and forged mails > being relayed via your own list seems common sense to some of us, or at > least me :) There is another situation that I find to be a worry: In order to send mail to this list you have to have a registered address. In the above case it was proper "openmoko.org" addresses that was used in the Joe Job attack, but it could have been anybody else who have sent an email to the list. Looking in the list archives I can see that not enough is being done to obscure sender addresses. Currently the only thing that is being done is to replace the "@" with a "<space>at<space>". So "dor...@grey.com" would become "dorian at grey.com". Sweet! Armed with wget to leech all the archives, a few text tools (grep, Perl, Python, etc) and I can build up a list of addresses (almost 100% confirmed working addresses) that could be used for various spamming activities. A list of active addresses is worth money too! ;-) So what I suggest is that the list administrators obfuscate list members' addresses even more. MailMan's Pipermail archiver can do this if properly set up. -- Regards, Jan Henkins _______________________________________________ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
