Wow... this is a rather large problem for www.mail-archive.com, considering how many list archives they host:
http://www.mail-archive.com/lists.html Their FAQ touts the spam prevention: "The Mail Archive utilizes two levels of electronic countermeasures to prevent spam incidents. First, we explicitly block spam harvesting robots (spambots) from accessing our server. We deny access, at the server level, for any software that matches the browser ID of a known spambot. Our second line of defense is to make sure that the web pages themselves are spambot resistant. We do not use any unshielded mailto: hyperlinks, email addresses and we strip out, scramble, or obfuscate email addresses from message headers and bodies." A nice start, but clearly the "obfuscation" is not very obfuscated! Either encrypt the embedded email addresses, or better yet, store the email addresses internally and provide only a unique ID in the webpage which correlates to the real address for the email form! I would CC the owner of www.mail-archive.com, but it seems their address is the only one not available on their site... ahem. -thomas At 11/10/2003 13:37:03, Thomas wrote: >To answer my own question (perhaps), I looked at the source on the >web archive at the site. Everyone's email addresses are exposed. There >are two hidden tags which would be quite easy for a bot to grab and concatenate: > > > > >Take a look at the source of this example message to see: > >http://www.mail-archive.com/[EMAIL PROTECTED]/msg01586.html > >I hope this can be fixed. > >-thomas
