Bugs item #1059637, was opened at 2004-11-03 12:14 Message generated for change (Comment added) made by magicfab You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1059637&group_id=103
Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Pipermail Group: 2.1 (stable) Status: Open Resolution: None Priority: 5 Submitted By: Alster (alster) Assigned to: Nobody/Anonymous (nobody) Summary: Leave choice on obfuscation method to sysadmin Initial Comment: As far as I know, currently the way pipermail obfuscates email addresses is hardcoded to "user at domain.com". This is really easy to harvest. It may be a better idea to leave the method of obfuscation to the mailman (sys)admin (not list admin). This will result in increased diversity of obfuscation methods on the several pipermail setups and thus to decreased harvesting. ---------------------------------------------------------------------- Comment By: Fabián A. Rodríguez S. (magicfab) Date: 2005-09-21 12:03 Message: Logged In: YES user_id=92045 I agree this should be addressed as more and more bots & agents harvest public lists for this information. Even private lists that are not tuning 2.1.6 may be vulnerable to this harvesting method. I'd like to suggest to use a random obfuscation method *for each message* . ---------------------------------------------------------------------- Comment By: Jean Delvare (khali) Date: 2005-07-18 06:15 Message: Logged In: YES user_id=66405 I would second this request. The current obfuscation scheme is next to useless. I understand that it would make little sense hardcoding a more complex obfuscation scheme, as it could easily be reverse-engineered. However, if the obfuscation method was left to the administrator, there would be virtually as many different obfuscation schemes as sites, so reverse-engineering would be much more difficult, if impossible. As a side note, I wonder why there is no option in mailman to plain discard the e-mail addresses from the Archive. This should be even more simple to implement, and sufficient at least for my own needs. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1059637&group_id=103 _______________________________________________ Mailman-coders mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-coders
