CVR == Chuq Von Rospach [EMAIL PROTECTED] writes:
(Or a header that can be set to cause a message not to get
archived?)
CVR That already exists -- X-No-Archive, which I believe
CVR pipermail understands.
Mailman's interface to Pipermail is what does this check, currently
JRA == Jay R Ashworth [EMAIL PROTECTED] writes:
JRA Spaminator. You picked precisely the example I had in mind.
JRA If the masses *demand* solutions, those solutions *will*
JRA happen.
I tend to agree that the big ISPs will be forced by their users to put
up their own spam
DN == Dale Newfield [EMAIL PROTECTED] writes:
DN I thought about that, but do you really want to send monthly
DN password reminders to people that just wanted to look at the
DN archives? (Or do we not send those to people with nomail
DN set?)
We send password reminders to
On Mon, Feb 25, 2002 at 10:09:35AM -0500, Barry A. Warsaw wrote:
Mailman's interface to Pipermail is what does this check, currently
defined as:
X-No-Archive: yes
X-Archive: no
prevents the message from being archived in any way. I don't think
there are standards for this
On Mon, Feb 25, 2002 at 10:25:49AM -0500, Barry A. Warsaw wrote:
That doesn't help the little guy like me who runs my own domain and
tools and spends a 1/2 hour (or more) every morning just deleting
spam, even while on vacation. :) And no itch is as persistent and
annoying as my own.
I'm
On Mon, Feb 25, 2002 at 09:23:59AM -0800, Chuq Von Rospach wrote:
On 2/25/02 8:56 AM, Jay R. Ashworth [EMAIL PROTECTED] wrote:
That said, my normal daily mail load is almost 300 these days,
including 9 mailing lists, and my spamcount is about 15; I deal with
them in about 2 minutes; and
On Mon, Feb 25, 2002 at 12:32:44PM -0500, Barry A. Warsaw wrote:
practice well enough. I.e. should the presence of
X-No-Archive: itself, regardless of value, prevent archiving of
the message?
JRA This depends on which side of the enabler argument,
JRA discussed ad
I repeat myself, but only Chuq seems to have noticed the other post.
John == John Morton [EMAIL PROTECTED] writes:
John This depends on just how temporary your 'solution' turns out
John to be, and it's level of complexity and usability. I don't
John think anyone has really advocate
From: Stephen J. Turnbull
First, since addresses are typically repeated but obfuscated
in different ways, the probability that a given address gets
harvested is much higher than the probability that any given
obfuscated instance gets cracked. Second, you don't need to
get 100%
Damien == Damien Morton [EMAIL PROTECTED] writes:
Damien So obfuscation is imperfect, and the more effective it is,
Damien the more value there is in cracking it.
That's true, but that's not what I said.
What I said is it is weak enough that a small amount of effort brings
some payoff
On Fri, Feb 22, 2002 at 09:16:20AM -0500, Damien Morton wrote:
Is it desireable to prevent the whole world seeing email addresses in
mailman archives?
If yes then
should there be public and private archives, with the public
archive protecting addresses?
if yes
From: Dale Newfield [mailto:[EMAIL PROTECTED]]
On Wed, 20 Feb 2002, Damien Morton wrote:
I still think the email-address-as-jpeg solution is prohibitively
expensive to reverse; effectively impossible for machines, entirely
easy for people.
But it does have drawbacks.
It only
On Thu, 2002-02-21 at 13:28, Damien Morton wrote:
From: Dale Newfield [mailto:[EMAIL PROTECTED]]
It only works with graphical browsers.
This is true. We are in the 21st century now. Expecting a graphical
client isnt such a huge leap of faith, unless we allow ourselves to be
guided by
From: Nigel Metheringham
From: Dale Newfield [mailto:[EMAIL PROTECTED]]
It only works with graphical browsers.
This is true. We are in the 21st century now. Expecting a graphical
client isnt such a huge leap of faith, unless we allow
ourselves to be
guided by recidivist or
On Thu, 21 Feb 2002, Damien Morton wrote:
Making a private archive available to those who are list members
I haven't commented on this before, but the reason I find this solution
lacking is that most mailman lists (in my experience) don't require list
admin permission to join. If this is the
On Thu, 21 Feb 2002, Damien Morton wrote:
OCR is hard
OCR is hard mostly because of the analog components (and the variety of
fonts that exist). If you are generating the image digitally (and with a
limited set of fonts), most of the OCR problems go away.
Some examples of reverse turing
On Thu, 21 Feb 2002, Damien Morton wrote:
should an obfuscation scheme be used at all?
if yes
what obfuscation scheme(s) should be used?
obscured email?
email as images?
On Thu, Feb 21, 2002 at 08:28:13AM -0500, Damien Morton wrote:
On Wed, 20 Feb 2002, Damien Morton wrote:
I still think the email-address-as-jpeg solution is prohibitively
expensive to reverse; effectively impossible for machines, entirely
easy for people.
But it does have
On Friday 22 February 2002 05:28, Dale Newfield wrote:
On Thu, 21 Feb 2002, Damien Morton wrote:
Making a private archive available to those who are list members
I haven't commented on this before, but the reason I find this solution
lacking is that most mailman lists (in my experience)
On Thu, Feb 21, 2002 at 09:23:51AM -0800, Chuq Von Rospach wrote:
This hits another aspect of my design philosophy. Don't sweat making one
part of the system more secure than the other parts.
And very well phrased.
In this case, you hit a nail on the head. If a spammer really, really wants
On Thu, Feb 21, 2002 at 10:27:08AM -0500, Damien Morton wrote:
I wonder if the ADA would accept the need to obscure email addresses,
and I wonder if they would accept the extra authentication step required
to get at the unobscured email address? Would they understand that it
protects all
From: Jay R. Ashworth
On Thu, Feb 21, 2002 at 10:27:08AM -0500, Damien Morton wrote:
I wonder if the ADA would accept the need to obscure email
addresses,
and I wonder if they would accept the extra authentication step
required to get at the unobscured email address? Would they
On Fri, 22 Feb 2002, John Morton wrote:
The best we can do here is implement something simple now that gets the
job done, and continuously test it to see if it's still good enough.
When it's not, we build another countermeasure.
I completely disagree. You argue for job security. I argue for
On Friday 22 February 2002 18:36, Dale Newfield wrote:
On Fri, 22 Feb 2002, John Morton wrote:
The best we can do here is implement something simple now that gets the
job done, and continuously test it to see if it's still good enough.
When it's not, we build another countermeasure.
I
On Fri, 22 Feb 2002, John Morton wrote:
The problem is that if you accept that those nefarious agents of mass
email will start auto-joining lists and plunder the private archive and
message feed for addresses sometime in the future, then you have to
implement another layer of hackery to
On 2/20/02 9:45 AM, Jay R. Ashworth [EMAIL PROTECTED] wrote:
While I'll happily tell the I don't like cookies people to get over it,
Well, actually, there are still a couple browsers that don't *do*
cookies. 2.8.3, I think, doesn't do persistence, yet.
My answer: get a real browser...
At 10:15 -0800 2/20/2002, Chuq Von Rospach wrote:
That, basically, allows us to stuff mailtos somewhere pointing to an address
you can mail to to report site failures. I'll even go farther and say that
address can simply be on a web page, not linked to a Mailto, and if you
really, reallly want,
At 13:42 -0800 2/20/2002, Chuq Von Rospach wrote:
And any decent library also has a rare books room, which IS tightly locked
up. And while the content of a mail list qualifies as a public library to
some degree, the subscriber addresses live in that rare book room.
At least in Chuq's context, in
On 2/20/02 2:13 PM, John W Baxter [EMAIL PROTECTED] wrote:
At least in Chuq's context, in which Apple claims in their privacy policy
to protect the addresses of us innocent subscribers to their lists.
That context may not match the context of other list operators, who may
feel that the
On Wed, 20 Feb 2002, Chuq Von Rospach wrote:
I'm not telling admins what their policies need to be, but I do think
Mailman needs to understand it's role as a best practices tool -- and
I do feel strongly that whatever an admin does, they do so in a mode
that involves informed consent with
On 2/20/02 2:43 PM, Dale Newfield [EMAIL PROTECTED] wrote:
(Or a header that can be set to cause a message not to get archived?)
That already exists -- X-No-Archive, which I believe pipermail understands.
--
Chuq Von Rospach, Architech
[EMAIL PROTECTED] -- http://www.chuqui.com/
Stress is
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of
Chuq Von Rospach
Sent: Wednesday, 20 February 2002 18:40
To: Dale Newfield; [EMAIL PROTECTED]
Subject: Re: [Mailman-Developers] Interesting study -- spam
on postedaddresses...
On 2/20/02 2:43 PM, Dale Newfield [EMAIL
On Wed, Feb 20, 2002 at 01:42:34PM -0800, Chuq Von Rospach wrote:
On 2/20/02 1:18 PM, Jay R. Ashworth [EMAIL PROTECTED] wrote:
And burglary is not caused by my owning nice things, either. It's caused by
burglars. But that's no excuse to not put locks on the doors.
A mailing list -- a
On Wed, Feb 20, 2002 at 06:49:53PM -0800, Chuq Von Rospach wrote:
On 2/20/02 5:36 PM, Jay R. Ashworth [EMAIL PROTECTED] wrote:
So, you're saying because you protect yourself from the spammers, that
EVERYONE should, too?
As a matter of fact, yes, I am saying that. There are cost-free,
On Thursday 21 February 2002 17:15, Dale Newfield wrote:
On Wed, 20 Feb 2002, Damien Morton wrote:
Web Forms for contacting the admin cold. If the admin replies, you can
continue the conversation via email.
Right, assuming the web form doesn't break.
Monitor the form. Your monitoring
It's a test to find out if the agent that requested the page is human or some
bot of some sort.
Assuming you can build such a test. Good luck.
That some other programmer can't cheat on. Even gooder luck.
If it's arbitrary, it's generated by some algorithm. If it's generated by
some
On Thursday 21 February 2002 18:08, Dale Newfield wrote:
On Thu, 21 Feb 2002, John Morton wrote:
It's a test to find out if the agent that requested the page is human or
some bot of some sort.
Assuming you can build such a test. Good luck.
Building a good one is tricky. It depends on
On Thursday 21 February 2002 18:41, Chuq Von Rospach wrote:
There is some validity to the the club mentality, of we don't have to
fix it, we only have ot make it difficult enough to convince them to annoy
someone else. But if we assume we're building the New Defacto Standard
Listserver for
At 0:08 -0500 2/21/2002, Dale Newfield wrote:
If the question and answer can be arbitary on a site by site, or better,
hit by hit basis, then it becomes infeasible to build a spambot to enter
such sites.
If it's arbitrary, it's generated by some algorithm. If it's generated by
some
On Wed, 20 Feb 2002, Chuq Von Rospach wrote:
If you've got a database mapping arbitrary number/name/string to an email
address, then why not just have a web form that sends mail to that address
knowing only the arbitrary value (and never divulge the email address)?
Basically, what I'm
On Thu, 21 Feb 2002, John Morton wrote:
Actually, the reason not to use it is that it can be used to spam anyone
who's id mapping you can grab from the archive!
That's a separate issue and can have a separate solution. Make the form
smart--for example, make it only accept 10 messages from a
At 23:15 -0500 2/20/2002, Dale Newfield wrote:
On Wed, 20 Feb 2002, Damien Morton wrote:
I still think the email-address-as-jpeg solution is prohibitively
expensive to reverse; effectively impossible for machines, entirely easy
for people.
...
It can't be enlarged for people that have poor
Have you seen what slashdot is doing?
unobscured mailto: links?
What am I missing?
___
Mailman-Developers mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-developers
On 2/19/02 1:46 AM, Damien Morton [EMAIL PROTECTED] wrote:
Once we are talking about both public are private archives, however, we
are probably also talking about the use of a cgi script which renders
emails on the fly, depending on some kind of authentication. A cookie,
perhaps.
That's
On 2/19/02 7:09 AM, Jay R. Ashworth [EMAIL PROTECTED] wrote:
I was wondering how long it would be before someone brought up the case
for Lynx. Blind people I had not though about, although I had thought
about text based reverse turing tests.
:-)
Lynx access is a really gnarly issue. Lynx
At 7:12 -0500 2/18/2002, Damien Morton wrote:
There are several approaches to this, including
the use of javascript email decryptors and/or publishing email addresses
as rendered images.
I don't think we can assume that the user who feels a need to send mail to
the admin has a JavaScript-capable
On 2/18/02 10:37 AM, Jay R. Ashworth [EMAIL PROTECTED] wrote:
You'll have to forgive me, but this sort of 'too-clever by all' solution
gives me hives.
And you have to be wary of solutions that make it tough for the naïve/novice
net user to figure out what needs to be done. Those of us who
To: Jay R. Ashworth; [EMAIL PROTECTED]
Subject: Re: [Mailman-Developers] Interesting study -- spam on
postedaddresses...
On 2/18/02 10:37 AM, Jay R. Ashworth [EMAIL PROTECTED] wrote:
You'll have to forgive me, but this sort of 'too-clever by all'
solution gives me hives.
And you have
Speaking of tradeoffs, it's my opinion that hiding archives behind a
password protection scheme for fear that the administrator, who probably
deals with oodles of email anyways and is probably the *most* experienced
person in regards to email filtering etc, is a poor one.
whew.
The archives
On 2/18/02 7:15 AM, Jay R. Ashworth [EMAIL PROTECTED] wrote:
Yup, and so does every web page on the net, and it will keep happening
until other things outside our control change markedly -- either on the
network provider TOS enforcement side...
Oh boy. Now I get to sound like your mother..
On 2/18/02 7:21 AM, Jay R. Ashworth [EMAIL PROTECTED] wrote:
All it takes is code. Volunteering? (grin)
Because there's not a sufficiently strong method of authenticating that
the person trying to change the address is actually the *user*?
So we get back to the core of the problem: until
On 2/17/02 7:48 PM, Larry McVoy [EMAIL PROTECTED] wrote:
Second, the point is that even if mailman is 100% perfect, it's not
at all clear that that would result in even 1% less spam hitting home.
If that's even remotely close, then it seems like efforts could be better
spent on screening
On Sun, 17 Feb 2002, Chuq Von Rospach wrote:
On 2/17/02 7:48 PM, Larry McVoy [EMAIL PROTECTED] wrote:
Second, the point is that even if mailman is 100% perfect, it's not
at all clear that that would result in even 1% less spam hitting home.
If that's even remotely close, then it seems
On 2/17/02 8:16 PM, Keith Howanitz [EMAIL PROTECTED] wrote:
I would just like to put in one thought... I like the whole small is
beautiful philosophy. Maybe as you add more features, we can add some of
these things as distict modules? I still feel the pipe is one of the best
things *NIX
On 2/17/02 8:39 PM, John Morton [EMAIL PROTECTED] wrote:
If they can set up admin specific accounts that redirect to /dev/null, then
they can set up procmail to drop HTML mail, and say they're doing so anywhere
they're advertising the admin email address. That would filter 90% of the
spam
55 matches
Mail list logo
